[Secure-testing-team] Bug#683667: Base name disclosure fixed in new 2.1.17 upstream release

David Prévot taffit at debian.org
Thu Aug 2 16:30:16 UTC 2012 

Package: spip
Version: 2.1.16-1
Severity: important
Tags: security patch upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Upstream just released a new version, fixing a security issue (base name
disclosure). I'll upload the 2.1.17-1 package today, and will backport
the fix for stable.

Regards

David

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spip depends on:
ii  apache2                2.4.2-1
ii  apache2-bin [httpd]    2.4.2-1
ii  cherokee [httpd]       1.2.101-1
ii  debconf [debconf-2.0]  1.5.45+nmu1
ii  fonts-dustin           20030517-9
ii  libjs-jquery           1.7.2+debian-2
ii  libjs-jquery-cookie    6-1
ii  libjs-jquery-form      6-1
ii  php-html-safe          0.10.1-1
ii  php5                   5.4.4-3
ii  php5-mysql             5.4.4-3

Versions of packages spip recommends:
ii  imagemagick   8:6.7.7.10-3
ii  mysql-server  5.5.24+dfsg-6
ii  netpbm        2:10.0-15+b1

spip suggests no packages.

- -- debconf information excluded

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQGqsVAAoJELgqIXr9/gnyQoAP/2snMGIL4ivhpgSlAuioPtPo
KQevqvwZFYcx/5PMGFVaZFwWtrhpWMmTuS+ak/ua8C6QE0HFJUx67HhaI8GeQoht
wClL/ezCsCSopYfytilfyAQTA3AoxiapUFZmUxGex1v9a2yc0uMsrvD9G5RbQpga
GgQt4DeI3+OcLQAInDe5lUO5XuKiJLmvtazjJsWIyxFvO1O1HW8xj2OHhx+0PiWS
Vhgl4Nh5t5Jdk1rLD4rkaDC/y/84Ou23ysx9eNXjFXOITI/Qei3lQIsYYFc9cUzf
WA15uEJQhJj+VEBVPnGzeAtR6pqFidsZnQiYjokqhbvt4juo7OIIafixkRnwt9jm
gezkBd7Wu+7G7JviIVX4TKaZYlQd89IvZSd71MHlaBSE0aFdEY+6zkug+Tq7rVs4
gczl7RGI1AgCb2DoN4slF90dVADhwX5huPlDMpQmaIH9/T3o5Vg4pNUE7aLzFmAy
wQDWiT1ps6ZDfeYfr2N4Vz+mjuwQXnJUxLect5HWyOxbl/AO4x/elqN/qa3piGny
TBnnTdEbH8YcxSjb+LyQFiaXXkWQ9/QxjE4nyhJB+StsOkxWAoiDXxF1z5zNC4Ic
QTpPF1K/CKUlvVDtcOJ+EZ1AFexV0fiFhD5vhUO8I0fjaDK3nIdopJxUPp46+FE3
2aOd0z+Cw4tjw9MvgUg4
=xlxv
-----END PGP SIGNATURE-----

More information about the Secure-testing-team mailing list