Your message dated Sat, 28 Apr 2012 10:05:55 +0000
with message-id <e1so4xl-0006lm...@franck.debian.org>
and subject line Bug#670110: fixed in spip 2.1.1-3squeeze3
has caused the Debian Bug report #670110,
regarding Several security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
670110: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670110
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: spip
Version: 2.1.12-1
Severity: grave
Tags: security upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Upstream just released a new version, fixing several security issues,
most of them being XSS injection vulnerabilities.

        http://article.gmane.org/gmane.comp.web.spip.devel/62536

I'm also preparing the stable security update.

Regards

David

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spip depends on:
ii  apache2                2.4.2-1
ii  apache2-bin [httpd]    2.4.2-1
ii  cherokee [httpd]       1.2.101-1
ii  debconf [debconf-2.0]  1.5.42
ii  fonts-dustin           20030517-9
ii  libjs-jquery           1.7.2-1
ii  libjs-jquery-cookie    4-1
ii  libjs-jquery-form      4-1
ii  php-html-safe          0.10.1-1
ii  php5                   5.4.1~rc1-1
ii  php5-mysql             5.4.1~rc1-1

Versions of packages spip recommends:
ii  imagemagick                      8:6.7.4.0-5
ii  mysql-server                     5.1.61-3
ii  mysql-server-5.1 [mysql-server]  5.1.61-3
ii  netpbm                           2:10.0-15+b1

spip suggests no packages.

- -- debconf information excluded

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: spip
Source-Version: 2.1.1-3squeeze3

We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive:

spip_2.1.1-3squeeze3.diff.gz
  to main/s/spip/spip_2.1.1-3squeeze3.diff.gz
spip_2.1.1-3squeeze3.dsc
  to main/s/spip/spip_2.1.1-3squeeze3.dsc
spip_2.1.1-3squeeze3_all.deb
  to main/s/spip/spip_2.1.1-3squeeze3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 670...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <taf...@debian.org> (supplier of updated spip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 23 Apr 2012 17:37:13 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.1-3squeeze3
Distribution: stable-security
Urgency: high
Maintainer: SPIP packaging team <spip-maintain...@lists.alioth.debian.org>
Changed-By: David Prévot <taf...@debian.org>
Description: 
 spip       - website engine for publishing
Closes: 670110
Changes: 
 spip (2.1.1-3squeeze3) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Updated security screen. Prevent several cross site scripting.
   * Backport patches from 2.1.7:
     - fix absolute redirection in actions;
     - fix PHP injection via lang form.
   * Backport patch from 2.1.8:
     - fix XSS on action=converser.
   * Backport patches from 2.1.11:
     - fix configuration available to writers;
     - fix XSS injection via prive/cfg.html;
     - fix blocked server with action=tester_taille call.
   * Backport patches from 2.1.13:
     - fix open redirect on logout;
     - fix arbitrary password change;
     - fix XSS on referer.
   Closes: #670110
Checksums-Sha1: 
 62f9c782d1e285bc3ebd53a16478e6275cf6a17f 1770 spip_2.1.1-3squeeze3.dsc
 3498ba7c4040ad1d392bc95c2610f0d7b09f4aa2 21619 spip_2.1.1-3squeeze3.diff.gz
 fe617890373101b255882ecea8a557bad76883de 3863526 spip_2.1.1-3squeeze3_all.deb
Checksums-Sha256: 
 286bbeceb79e00e355545bb46fd63efe8524ec290ae738bf00ebf4e4b01f4f1a 1770 spip_2.1.1-3squeeze3.dsc
 9e0773737d1fe78b588f659e24c502d06c6984a6085a253fc1aad01820485f32 21619 spip_2.1.1-3squeeze3.diff.gz
 ae50f8cbea4e4d04f6ff71f0b673b03802da97a1b6426bf42db7e8e75f5f875f 3863526 spip_2.1.1-3squeeze3_all.deb
Files: 
 36807e3f3c5faad193afd65ed1c461aa 1770 web extra spip_2.1.1-3squeeze3.dsc
 dfca8ccd58dfd8ab53b1b8e5c618d96d 21619 web extra spip_2.1.1-3squeeze3.diff.gz
 16556e54704fa0488415cdecf4889faf 3863526 web extra spip_2.1.1-3squeeze3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----



--- End Message ---
