[Secure-testing-team] Bug#677290: SPIP: Cross-site scripting fixed in new 2.1.15 upstream release

David Prévot taffit at debian.org
Tue Jun 12 23:09:29 UTC 2012 

Package: spip
Version: 2.1.14-2
Severity: grave
Tags: security upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Upstream just released a new version, fixing two cross-site scripting
vulnerabilities.

The stable security update is ready [rt.debian.org #3837] and I'll
update the package as soon as I have the bug number in:

http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze4.dsc
http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze4_all.deb

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spip depends on:
ii  apache2                2.4.2-1
ii  apache2-bin [httpd]    2.4.2-1
ii  cherokee [httpd]       1.2.101-1
ii  debconf [debconf-2.0]  1.5.43
ii  fonts-dustin           20030517-9
ii  libjs-jquery           1.7.2+debian-1
ii  libjs-jquery-cookie    6-1
ii  libjs-jquery-form      6-1
ii  php-html-safe          0.10.1-1
ii  php5                   5.4.4~rc2-1
ii  php5-mysql             5.4.4~rc2-1

Versions of packages spip recommends:
ii  imagemagick   8:6.7.7.2-1
ii  mysql-server  5.5.24+dfsg-3
ii  netpbm        2:10.0-15+b1

spip suggests no packages.

- -- debconf information excluded

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJP18wmAAoJELgqIXr9/gnyJGoP/AjQ+l6x60W+J60JRSt0qNRV
AXe1A54cxKvNOxq7TDn7N5ChUggvIAMTU/075hqcn6QxYGE3PBlkKSCBBXndiecI
gT4tzUlu+MARt1fI+AIk8pmwftbRNq59NYRqvTlVomKx5pctT7eluOdwFDWv5ddm
jRvSXOuDHait049Q7V9C3olw2rvA/p/BR8+ZZun58pK6IC5LUe2DlOZTPZo3+mRL
JEdp+OfEwPNQ5YdZy6WdWeX9OLXAbL0n7Vj66ts9dr99hjecsn0mhKB2ziibDOty
pa0Odsr/KXy4415PDvLzbWad3silRwRG9chra4zeQ5fcNVGeGMj9IXJOxIkUxHIZ
brW7SO0p+3PRdPgtxdAlln5iVmhzW4PbblV74pysErbYL3anslYu5NgJL9eaFsVJ
z8/xKpxmpqJNYFvkFeZrMfoM8cOC61OShKpxtISqryn0NyL7g3ERpRRvq1dKWXUk
4rVe+3meCJN+tOCTI2Oc6pAuI/bnCRgAbzs3vOVlx+ASMJi0/DIFaP61NJJuvUec
We/vSnP0Ad8gNGdmXEMA/fKTSxTIj0hDh8N7LwWhdgsttfqEXzzS6/RSsRVbnxYF
u1ztuNMAka2KiSIbR/ESE6FRJOGmvB+Ow6gZ5vwuViI4jqIrlajnv+xsOS/lWzYI
U0QwhhAmpTnwFgbhvKPZ
=BeWI
-----END PGP SIGNATURE-----

More information about the Secure-testing-team mailing list