[Spip-maintainers] Bug#847156: Bug#847156: spip: CVE-2016-9152

David Prévot david at tilapin.org
Tue Dec 6 07:54:00 UTC 2016


Hi Salvatore,

Thanks for the report,

On 05/12/2016 at 20:11, Salvatore Bonaccorso wrote:

> the following vulnerability was published for spip.
> 
> CVE-2016-9152[0]:
> cross-site scripting
[…]
> [0] https://security-tracker.debian.org/tracker/CVE-2016-9152
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9152

I was about to ask where you found the link between the CVE entry and
the commit, but my search engine was quicker to answer ;).

FYI, a few other security-oriented commits are being staged for the next
upstream release (coming soon), and the previous fixes that already made
it in a “recent” DLA are still waiting for an upstream ack (they
recently acknowledged on IRC that they have to reply to us).

Regards

David
