[Secure-testing-team] Bug#672961: SPIP: Cross-site scripting fixed in new upstream release

David Prévot taffit at debian.org
Mon May 14 23:19:28 UTC 2012 

Package: spip
Version: 2.1.13-1
Severity: grave
Tags: security upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Upstream, just released a new version, fixing two cross-site scripting
vulnerabilities.

The stable security update is ready [rt.debian.org #3837].

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spip depends on:
ii  apache2                2.4.2-1
ii  apache2-bin [httpd]    2.4.2-1
ii  cherokee [httpd]       1.2.101-1
ii  debconf [debconf-2.0]  1.5.43
ii  fonts-dustin           20030517-9
ii  libjs-jquery           1.7.2-1
ii  libjs-jquery-cookie    5-1
ii  libjs-jquery-form      5-1
ii  php-html-safe          0.10.1-1
ii  php5                   5.4.3-1
ii  php5-mysql             5.4.3-1

Versions of packages spip recommends:
ii  imagemagick   8:6.7.4.0-5
ii  mysql-server  5.5.23-2
ii  netpbm        2:10.0-15+b1

spip suggests no packages.

- -- debconf information excluded

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJPsZL9AAoJELgqIXr9/gny5Q0QALMCRA10/ObfwBIkngPozuDL
1kmWBe6DWKdnN5u5EezIPl8RBqdLTSyo1YC4KGE+R/Thh6kg8TyhlToUtqiTIqyl
O5uxnb5zqekSY8bkIniL/OZVkLVMu9PdzFARCUbj4ZOZLyIpyI25RNg9AkqhQ++U
6VBTruXI1+2/L/R5DXpgo3uzIjinqnJGG3jwKVlkJ7ijDMh62eaYmaX4MmAJNLKG
Qkd44YRpFvNj5vOVPkZ713/A0brAs4a21Lbl0LjGacvKGplJY0sNifu3l+lO1wvI
Wa7Zlb2GLiyUxYBPulOU4+VhIR/Cmk3HDmk+osq+Bacn2A5DRRgCIo5VjTz3SzV0
VgfJrfKIaA9oDCV3ZYkg0JhFrXyHBA4f9OIi18y231btTMEIzYRg84BJiT0bYoJc
gUykTzClPb1E3ONqpKcARg0Q/74tiaoZcaDijx1TD+LNEbd32Llly0RbGPPTU8/v
mvzmMXjyLGcCa9ZtWsm7Is/mobVrsy9lC1z9ZVpmZRotG2ZXgatQ1eAW8FsU/+5+
ib/hofk7C/8scIrmYeJywwe9pn6YRdO/LSSaztYGx+DFJxD646TuT1Gb+5ijJIO4
FxC14CLTkUo/EdtWcBa6McoEMttMpBBhanqrVf+2uQ0xg3RtdMUpgnWGul6DqnxN
V0rpvMDYvNbEt8Wv59Lg
=Ff/4
-----END PGP SIGNATURE-----

More information about the Secure-testing-team mailing list