[Secure-testing-team] Bug#646758: spip: New version (2.1.11) fixes a security issue
David Prévot
taffit at debian.org
Wed Oct 26 19:54:51 UTC 2011
Package: spip
Version: 2.1.1-3squeeze1
Severity: important
Tags: security upstream
Hi,
The last SPIP upstream version (2.1.11) fixes a (not too important
according to upstream) full path disclosure security issue [0].
0: http://archives.rezo.net/archives/spip-ann.mbox/5XCQ4RYDCYRXQSQQK42DT7IO2GVT7ZSI/
Romain, I'm also stuck with an URL rewriting issue with attached
documents in the 2.1.1 version (that doesn't work as expected with the
“Accès Restreint” (“Restricted Access”) plugin), so I'm going to prepare
a 2.1.11 package any time soon (before the weekend) unless of course
you've already done all the needed work ;-). Would you agree if I upload
this package to unstable when it's ready?
Regards
David
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (600, 'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages spip depends on:
ii apache2-mpm-prefork [httpd] 2.2.21-2
ii debconf [debconf-2.0] 1.5.41
ii libjs-jquery 1.6.4-1
ii lighttpd [httpd] 1.4.29-1
ii php-html-safe 0.10.1-1
ii php5 5.3.8-2
ii php5-mysql 5.3.8-2
Versions of packages spip recommends:
ii imagemagick 8:6.6.9.7-5+b1
ii mysql-server 5.1.58-1
ii mysql-server-5.1 [mysql-server] 5.1.58-1
ii netpbm 2:10.0-15
spip suggests no packages.
-- debconf information excluded
More information about the Secure-testing-team
mailing list