[Spip-maintainers] spip_2.1.1-3squeeze3_amd64.changes ACCEPTED into proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Apr 28 10:05:55 UTC 2012
Notes:
Mapping stable-security to proposed-updates.
Accepted:
spip_2.1.1-3squeeze3.diff.gz
to main/s/spip/spip_2.1.1-3squeeze3.diff.gz
spip_2.1.1-3squeeze3.dsc
to main/s/spip/spip_2.1.1-3squeeze3.dsc
spip_2.1.1-3squeeze3_all.deb
to main/s/spip/spip_2.1.1-3squeeze3_all.deb
Changes:
spip (2.1.1-3squeeze3) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Updated security screen. Prevent several cross site scripting.
* Backport patches from 2.1.7:
- fix absolute redirection in actions;
- fix PHP injection via lang form.
* Backport patch from 2.1.8:
- fix XSS on action=converser.
* Backport patches from 2.1.11:
- fix configuration available to writers;
- fix XSS injection via prive/cfg.html;
- fix blocked server with action=tester_taille call.
* Backport patches from 2.1.13:
- fix open redirect on logout;
- fix arbitrary password change;
- fix XSS on referer.
Closes: #670110
Override entries for your package:
spip_2.1.1-3squeeze3.dsc - source web
spip_2.1.1-3squeeze3_all.deb - extra web
Announcing to debian-changes at lists.debian.org
Closing bugs: 670110
Thank you for your contribution to Debian.
More information about the Spip-maintainers
mailing list