Your message dated Sun, 29 Jul 2012 18:02:08 +0000
with message-id <e1svxoe-0004qy...@franck.debian.org>
and subject line Bug#672961: fixed in spip 2.1.1-3squeeze4
has caused the Debian Bug report #672961,
regarding SPIP: Cross-site scripting fixed in new upstream release
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
672961: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672961
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: spip
Version: 2.1.13-1
Severity: grave
Tags: security upstream
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
Upstream just released a new version, fixing two cross-site scripting
vulnerabilities.
The stable security update is ready [rt.debian.org #3837].
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages spip depends on:
ii apache2 2.4.2-1
ii apache2-bin [httpd] 2.4.2-1
ii cherokee [httpd] 1.2.101-1
ii debconf [debconf-2.0] 1.5.43
ii fonts-dustin 20030517-9
ii libjs-jquery 1.7.2-1
ii libjs-jquery-cookie 5-1
ii libjs-jquery-form 5-1
ii php-html-safe 0.10.1-1
ii php5 5.4.3-1
ii php5-mysql 5.4.3-1
Versions of packages spip recommends:
ii imagemagick 8:6.7.4.0-5
ii mysql-server 5.5.23-2
ii netpbm 2:10.0-15+b1
spip suggests no packages.
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: spip
Source-Version: 2.1.1-3squeeze4
We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 672...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <taf...@debian.org> (supplier of updated spip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 28 Jul 2012 15:54:52 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.1-3squeeze4
Distribution: stable
Urgency: low
Maintainer: SPIP packaging team <spip-maintain...@lists.alioth.debian.org>
Changed-By: David Prévot <taf...@debian.org>
Description:
spip - website engine for publishing
Closes: 672961 677290 680118
Changes:
 spip (2.1.1-3squeeze4) stable; urgency=low
 .
   * Updated security screen to 1.1.3. Prevent cross site scripting on referer
     (addresses missing bits of [CVE-2012-2151]), cross site scripting and PHP
     injections in internal functions. Closes: #680118
   * Backport patch from 2.1.14:
     - fix XSS on password. Closes: #672961
   * Backport patch from 2.1.15:
     - fix XSS injection in variable name. Closes: #677290
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---