[Spip-maintainers] Bug#736170: CVE-2013-7303: XSS on author

David Prévot taffit at debian.org
Mon Jan 20 17:35:17 UTC 2014


Package: spip
Severity: important
Tags: security patch upstream
Control: fixed -1 3.0.13-1

Hi,

A minor security issue has just been fixed upstream in the 2.1 branch,
and is already fixed in Sid and Jessie. After a quick exchange with the
security team (RT#4911), we agreed it’s not worth a DSA (so I’ll request
two pu shortly).

Regards

David

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-rt-amd64 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spip depends on:
ii  apache2                2.4.7-1
ii  apache2-bin [httpd]    2.4.7-1
ii  debconf [debconf-2.0]  1.5.52
ii  fonts-dustin           20030517-10
ii  libjs-excanvas         0.r3-3
ii  libjs-ie7              2.1~beta4-1
ii  libjs-jquery           1.7.2+dfsg-3
ii  libjs-jquery-cookie    8-2
ii  libjs-jquery-flot      0.8.1+dfsg-2
ii  libjs-jquery-form      8-2
ii  libjs-jquery-ui        1.10.1+dfsg-1
ii  libphp-pclzip          2.8.2-2
ii  php-html-safe          0.10.1-2
ii  php-xml-htmlsax3       3.0.0+really3.0.0-1
ii  php5                   5.5.8+dfsg-2
ii  php5-mysql             5.5.8+dfsg-2
ii  w3c-dtd-xhtml          1.2-4

Versions of packages spip recommends:
ii  imagemagick   8:6.7.7.10-7
ii  mysql-server  5.5.35+dfsg-1
ii  netpbm        2:10.0-15+b2
ii  php5-sqlite   5.5.8+dfsg-2

spip suggests no packages.

-- debconf information excluded