[Spip-maintainers] Bug#742456: Log sanitizing and SQL injection
David Prévot
taffit at debian.org
Sun Mar 23 22:02:06 UTC 2014
Package: spip
Version: 2.1.17-1+deb7u3
Severity: important
Tags: security upstream
Control: fixed -1 3.1~21281-1
Control: fixed -1 3.0.16-1
Control: found -1 2.1.1-3squeeze8
Hi,
The latest upstream update [1] fixes two security issues:
- an SQL injection, already blocked by the security screen;
- a lack of sanitizing visible in log files.
I’ve already prepared the Wheezy [2] and Squeeze updates, and open this
bug report in order to follow up with the security team and the release
team to get these a priori minor issues fixed in the next (old)stable
update.
1: http://contrib.spip.net/Alerte-SPIP-2-0-25-SPIP-2-1-26-SPIP-3-0-16-sont-gavees
2: http://people.debian.org/~taffit/spip/
Regards
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/spip-maintainers/attachments/20140323/43e47244/attachment.sig>
More information about the Spip-maintainers
mailing list