Your message dated Sun, 29 Jul 2012 18:02:09 +0000
with message-id <e1svxof-0004qe...@franck.debian.org>
and subject line Bug#680118: fixed in spip 2.1.1-3squeeze4
has caused the Debian Bug report #680118,
regarding spip: PHP injection fixed in new 2.1.16 upstream release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
680118: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680118
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: spip
Version: 2.1.1-3squeeze3
Severity: grave
Tags: security upstream

Upstream just released a new version, fixing a PHP injection
vulnerability.

The stable security update is ready [rt.debian.org #3837] and I'll
upload the package as soon as possible in:

http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze4.dsc
http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze4_all.deb


-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (150, 'testing'), (120, 'unstable'), (110, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spip depends on:
ii  apache2-mpm-prefork [h 2.2.16-6+squeeze7 Apache HTTP Server - traditional n
ii  debconf [debconf-2.0]  1.5.36.1          Debian configuration management sy
ii  libjs-jquery           1.4.2-2           JavaScript library for dynamic web
ii  php-html-safe          0.10.0-1          strip down all potentially dangero
ii  php5                   5.3.3-7+squeeze13 server-side, HTML-embedded scripti
ii  php5-mysql             5.3.3-7+squeeze13 MySQL module for php5

Versions of packages spip recommends:
ii  imagemagick         8:6.6.0.4-3+squeeze3 image manipulation programs
ii  mysql-server        5.1.63-0+squeeze1    MySQL database server (metapackage
ii  mysql-server-5.1 [m 5.1.63-0+squeeze1    MySQL database server binaries and

spip suggests no packages.

-- Configuration Files:
/etc/spip/apache.conf changed [not included]

-- debconf information excluded



--- End Message ---
--- Begin Message ---
Source: spip
Source-Version: 2.1.1-3squeeze4

We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 680...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <taf...@debian.org> (supplier of updated spip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 28 Jul 2012 15:54:52 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.1-3squeeze4
Distribution: stable
Urgency: low
Maintainer: SPIP packaging team <spip-maintain...@lists.alioth.debian.org>
Changed-By: David Prévot <taf...@debian.org>
Description: 
 spip       - website engine for publishing
Closes: 672961 677290 680118
Changes: 
 spip (2.1.1-3squeeze4) stable; urgency=low
 .
   * Updated security screen to 1.1.3. Prevent cross site scripting on referer
     (addresses missing bits of [CVE-2012-2151]), cross site scripting and PHP
     injections in internal functions. Closes: #680118
   * Backport patch from 2.1.14:
     - fix XSS on password. Closes: #672961
   * Backport patch from 2.1.15:
     - fix XSS injection in variable name. Closes: #677290

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
