Your message dated Wed, 26 Mar 2014 21:49:27 +0000
with message-id <[email protected]>
and subject line Bug#742456: fixed in spip 2.1.17-1+deb7u4
has caused the Debian Bug report #742456,
regarding Log sanitizing and SQL injection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
742456: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742456
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: spip
Version: 2.1.17-1+deb7u3
Severity: important
Tags: security upstream
Control: fixed -1 3.1~21281-1
Control: fixed -1 3.0.16-1
Control: found -1 2.1.1-3squeeze8

Hi,

The latest upstream update [1] fixes two security issues:
- an SQL injection, already blocked by the security screen;
- a lack of sanitizing visible in log files.

I’ve already prepared the Wheezy [2] and Squeeze updates, and open this
bug report in order to follow up with the security team and the release
team to get these a priori minor issues fixed in the next (old)stable
update.

        1: http://contrib.spip.net/Alerte-SPIP-2-0-25-SPIP-2-1-26-SPIP-3-0-16-sont-gavees
        2: http://people.debian.org/~taffit/spip/

Regards

David


--- End Message ---
--- Begin Message ---
Source: spip
Source-Version: 2.1.17-1+deb7u4

We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated spip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 25 Mar 2014 17:25:02 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.17-1+deb7u4
Distribution: wheezy
Urgency: medium
Maintainer: SPIP packaging team <[email protected]>
Changed-By: David Prévot <[email protected]>
Description: 
 spip       - website engine for publishing
Closes: 742456
Changes: 
 spip (2.1.17-1+deb7u4) wheezy; urgency=medium
 .
   * Update displayed version
   * Fix missing escape
   * Fix missing escape in SQL
   * Update security screen to 1.1.9 (Closes: #742456)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---