[Spip-maintainers] Bug#610016: spip: critical security issue fixed in 2.1.8
Romain Beauxis
toots at rastageeks.org
Fri Jan 14 21:28:28 UTC 2011
Package: spip
Version: 2.1.1-2
Severity: grave
A security release of SPIP has just been announced:
http://www.spip-contrib.net/SPIP-2-1-8-corrige-une-importante-faille-de-securite
(french)
Not much information is available about the exact issue and the changelog
is not helpful either.
I have not time at the moment to prepare a fixed package. Any contributor is warmly welcome
to NMU the package with no delay.
In the mean time, users can download and install a security fix called security screen
from there:
http://zone.spip.org/trac/spip-zone/browser/_core_/securite/ecran_securite.php?format=txt
and documented there:
http://www.spip.net/en_article4200.html
Romain
-- System Information:
Debian Release: 6.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages spip depends on:
pn apache2 | httpd <none> (no description available)
ii debconf [debconf-2.0] 1.5.37 Debian configuration management sy
ii libjs-jquery 1.4.2-2 JavaScript library for dynamic web
ii php-html-safe 0.10.0-1 strip down all potentially dangero
ii php5 5.3.3-7 server-side, HTML-embedded scripti
ii php5-mysql 5.3.3-7 MySQL module for php5
Versions of packages spip recommends:
ii imagemagick 8:6.6.0.4-3 image manipulation programs
ii mysql-server 5.1.49-3 MySQL database server (metapackage
ii mysql-server-5.1 [mysql-s 5.1.49-3 MySQL database server binaries and
ii netpbm 2:10.0-12.2+b1 Graphics conversion tools between
spip suggests no packages.
More information about the Spip-maintainers
mailing list