Package: spip Version: 2.1.1-3squeeze1 Severity: important Tags: security upstream
Hi, The last SPIP upstream version (2.1.11) fixes a (not too important according to upstream) full path disclosure security issue [0]. 0: http://archives.rezo.net/archives/spip-ann.mbox/5XCQ4RYDCYRXQSQQK42DT7IO2GVT7ZSI/ Romain, I'm also stuck with an URL rewriting issue with attached documents in the 2.1.1 version (that doesn't work as expected with the “Accès Restreint” (“Restricted Access”) plugin), so I'm going to prepare a 2.1.11 package any time soon (before the weekend) unless of course you've already done all the needed work ;-). Would you agree if I upload this package to unstable when it's ready? Regards David -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (600, 'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-2-amd64 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages spip depends on: ii apache2-mpm-prefork [httpd] 2.2.21-2 ii debconf [debconf-2.0] 1.5.41 ii libjs-jquery 1.6.4-1 ii lighttpd [httpd] 1.4.29-1 ii php-html-safe 0.10.1-1 ii php5 5.3.8-2 ii php5-mysql 5.3.8-2 Versions of packages spip recommends: ii imagemagick 8:6.6.9.7-5+b1 ii mysql-server 5.1.58-1 ii mysql-server-5.1 [mysql-server] 5.1.58-1 ii netpbm 2:10.0-15 spip suggests no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
