Your message dated Thu, 05 Jul 2012 15:17:44 +0000
with message-id <e1smnoo-0006qc...@franck.debian.org>
and subject line Bug#680118: fixed in spip 2.1.16-1
has caused the Debian Bug report #680118,
regarding spip: PHP injection fixed in new 2.1.16 upstream release
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
680118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680118
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: spip
Version: 2.1.1-3squeeze3
Severity: grave
Tags: security upstream
Upstream just released a new version, fixing a PHP injection
vulnerability.
The stable security update is ready [rt.debian.org #3837] and I'll
upload the package as soon as possible in:
http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze4.dsc
http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze4_all.deb
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500,
'stable'), (150, 'testing'), (120, 'unstable'), (110, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages spip depends on:
ii apache2-mpm-prefork [h 2.2.16-6+squeeze7 Apache HTTP Server - traditional n
ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy
ii libjs-jquery 1.4.2-2 JavaScript library for dynamic web
ii php-html-safe 0.10.0-1 strip down all potentially dangero
ii php5 5.3.3-7+squeeze13 server-side, HTML-embedded scripti
ii php5-mysql 5.3.3-7+squeeze13 MySQL module for php5
Versions of packages spip recommends:
ii imagemagick 8:6.6.0.4-3+squeeze3 image manipulation programs
ii mysql-server 5.1.63-0+squeeze1 MySQL database server (metapackage
ii mysql-server-5.1 [m 5.1.63-0+squeeze1 MySQL database server binaries and
spip suggests no packages.
-- Configuration Files:
/etc/spip/apache.conf changed [not included]
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: spip
Source-Version: 2.1.16-1
We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive:
spip_2.1.16-1.debian.tar.gz
to main/s/spip/spip_2.1.16-1.debian.tar.gz
spip_2.1.16-1.dsc
to main/s/spip/spip_2.1.16-1.dsc
spip_2.1.16-1_all.deb
to main/s/spip/spip_2.1.16-1_all.deb
spip_2.1.16.orig.tar.gz
to main/s/spip/spip_2.1.16.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 680...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <taf...@debian.org> (supplier of updated spip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 04 Jul 2012 08:42:01 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.16-1
Distribution: unstable
Urgency: high
Maintainer: SPIP packaging team <spip-maintain...@lists.alioth.debian.org>
Changed-By: David Prévot <taf...@debian.org>
Description:
spip - website engine for publishing
Closes: 680118
Changes:
spip (2.1.16-1) unstable; urgency=high
.
* New upstream version:
- fixes PHP injection (Closes: #680118);
- fixes growing session directory;
- fixes PHP 5.4 compatibility.
* Update security screen file to 1.1.3.
Checksums-Sha1:
c104d62df8cd26ac8205de955b6f2654620c66ef 1862 spip_2.1.16-1.dsc
f93820b8f9058ee39344d1dfe5e24c4e19e85ce4 3971925 spip_2.1.16.orig.tar.gz
e30ce0634f83a73705b52d27b432eaa7b2807d71 62524 spip_2.1.16-1.debian.tar.gz
235baf0bfedf865806ff3188818fef3c67c6b8f5 3856668 spip_2.1.16-1_all.deb
Checksums-Sha256:
703be91e3c5a74100417450f2db43af3f85fc23b315cd418390090eb1700a29b 1862
spip_2.1.16-1.dsc
e86e259ffa1b3ece5a842028d2cb7116ad54d06df94cc1a07ee7c5e84f356c85 3971925
spip_2.1.16.orig.tar.gz
eefc135772db59d5db49fbe64eab3bcd18ffeab5ac9d725a54e7afac658231a1 62524
spip_2.1.16-1.debian.tar.gz
5898e38610c216c95d34dbf4b5901e6cef4405a101c1905d7ffdedad91a1395b 3856668
spip_2.1.16-1_all.deb
Files:
7e122bd8848539ab48ec4e457c8f1d7b 1862 web extra spip_2.1.16-1.dsc
4c975157ada62c19691d7ffcba6d8573 3971925 web extra spip_2.1.16.orig.tar.gz
6ca046122c6cdfdf191d53ed32d4cb5a 62524 web extra spip_2.1.16-1.debian.tar.gz
234f85f5b3ced35b29b1f05aa5456b08 3856668 web extra spip_2.1.16-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCAAGBQJP9Du9AAoJELgqIXr9/gnyaOcP/iHvSLm19FLI4WpMdwHDIsVs
ML9u3gvkIf0Wa8UYWXYY+MAH2i+izcAypCfSLsn2xojB37fJW9GRleWmRoZrsemB
K0JFim5SO/owbMRHpOboIMJeGCtbj7Kf8kbzQDdUDaBeJCldr6QMZqUD2dZCM8UG
OcU2cxJLyE/iqF9wrlznPUdeMGOmW7QagWgf0vPqa7Q+NLC4MuzardxwgQPuOULo
SZJtrtHAoL3Ie7TpiAx3TTfcGokNH+Q+1Puq5pCBZ/B0V4rGLvxBRnHVf1c7zUtY
FuUnOm+tOjSOpeUV+HdOV7KwFI1ooTF2bt0bOzQKaZe6ZmPtc8C7uUoqBScFBDaf
z0itkTnHtpRfJyeLtuBSkSxriXMC/HsbQAIRsqIuSP6hd9P+fIYJqKOTQoN+Ps2U
KUCB38KKeJir+6MYoJxlpZ0zsvPmscwzXHelaGlZ55vRNaH5J6vsIlyKSk5Feb3E
xZCiPv8rcwh1Lqh3MTBnup90WSkmeHACY+U7SzsT0OKqydVQb9/Tb8F2PO4GOLqz
VTe2NIyueLtLYyQ3m1PHXs20EfuAzwzCqDMk0iIihAy/qfiqnVjkXFotpR+j/0Ce
J1bZKkWZrYdM/L6Zweqv6ptrde3mobC9Zbefb1c/yY77uHsLiIfGv4v3LNnfO9Jm
UIR1fWBXha1j6zD7QH5d
=T7mC
-----END PGP SIGNATURE-----
--- End Message ---
