Bug#670110: marked as done (Several security issues)

[Debian Bug Tracking System]

Your message dated Mon, 23 Apr 2012 13:02:37 +0000
with message-id <e1smiub-00061s...@franck.debian.org>
and subject line Bug#670110: fixed in spip 2.1.13-1
has caused the Debian Bug report #670110,
regarding Several security issues
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
670110: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670110
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: spip
Version: 2.1.12-1
Severity: grave
Tags: security upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Upstream, just released a new version, fixing several security issues,
most of them being XSS injection vulnerabilities.

        http://article.gmane.org/gmane.comp.web.spip.devel/62536

I'm also preparing the stable security update.

Regards

David

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spip depends on:
ii  apache2                2.4.2-1
ii  apache2-bin [httpd]    2.4.2-1
ii  cherokee [httpd]       1.2.101-1
ii  debconf [debconf-2.0]  1.5.42
ii  fonts-dustin           20030517-9
ii  libjs-jquery           1.7.2-1
ii  libjs-jquery-cookie    4-1
ii  libjs-jquery-form      4-1
ii  php-html-safe          0.10.1-1
ii  php5                   5.4.1~rc1-1
ii  php5-mysql             5.4.1~rc1-1

Versions of packages spip recommends:
ii  imagemagick                      8:6.7.4.0-5
ii  mysql-server                     5.1.61-3
ii  mysql-server-5.1 [mysql-server]  5.1.61-3
ii  netpbm                           2:10.0-15+b1

spip suggests no packages.

- -- debconf information excluded

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJPlKO0AAoJELgqIXr9/gnyTxMP/AmQRrhWEc1d7Ds5KVVU2nkk
E8+c7TcOQf7Y/oS5IOiWWX1TmlprURJiAjNkTBhQMSbajUUKpsSWVsHNXFnauFK8
PeGeHZr6BQ5ZZm+6Er8OpAFP3dMof+BKHPlJZF0x9MfY6aOHdbgltYF7hY9492MS
0Yo22zxf88QNkg8O74jdDtbu9VQ3iu+xrOG2eeyD9NuK5eCfm21UI14Sau09L8Al
Da9IkDQ31zzZi908ouyjusdStyZC16V63ci4CNg//jtrO627H6lheVQ+awiXmDOe
7CoHuN5QRxQGC8Ame03Dr63anpO9i8A800rjPPFBFikbBgOhOnGP9VQXkXvIYt7R
2JP2GwQ4823CBbn49k0IGtGQQvMiGSl5/jCRkLzmQc8sekd7/ZGcRkZTITXrwEG2
gsLK8gsD1d5lHqnLvF8uRq+0cScvi/4lkYXB3dBZ7gbVx8lOecdqhSYA7s0wIqL2
5xblEqVmsstib/V2wJ5GF0fWpuS2QUvyAFhP7MkyPDviKuwhVw8572oZG2Rm7XJz
HZpDt4RCC0m51qHyAUZ9k3GtJOanF47qh/Ixq58ZB675vtq7XNmkHZKvcsGOqeoY
5c961X0Lxe66hC4UrVnCj5x+Sxx2z+vjLOxSdCmh/KBq2jrvN4219f11ndYrIoe5
h98+VeDFaVoAkGMmsLLh
=v/Z6
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: spip
Source-Version: 2.1.13-1

We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive:

spip_2.1.13-1.debian.tar.gz
  to main/s/spip/spip_2.1.13-1.debian.tar.gz
spip_2.1.13-1.dsc
  to main/s/spip/spip_2.1.13-1.dsc
spip_2.1.13-1_all.deb
  to main/s/spip/spip_2.1.13-1_all.deb
spip_2.1.13.orig.tar.gz
  to main/s/spip/spip_2.1.13.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 670...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <taf...@debian.org> (supplier of updated spip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 22 Apr 2012 22:02:42 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.13-1
Distribution: unstable
Urgency: high
Maintainer: SPIP packaging team <spip-maintain...@lists.alioth.debian.org>
Changed-By: David Prévot <taf...@debian.org>
Description: 
 spip       - website engine for publishing
Closes: 651157 670110
Changes: 
 spip (2.1.13-1) unstable; urgency=high
 .
   * New upstream version, fixes cross site scripting.
   Closes: #670110
   * Fix path in README.
   Closes: #651157
   * Document more installation steps (partially address: #612467).
   * Add DEP-3 compliant headers.
   * Fix displayed version in the private interface.
   * Bumped standards to 3.9.3.
   * Update copyright.
   * Move more links from debian/rules to debian/links.
   * Update security screen file to 1.0.10.
   * Update mutualisation.
Checksums-Sha1: 
 8215317d1b69ae0399f58d9e3a05143aaed4695b 1897 spip_2.1.13-1.dsc
 c5078aaf7a72f580e6e69410663948669498c300 3941793 spip_2.1.13.orig.tar.gz
 1bd2bb3ab037ea9f73f3cca9f74e4c88d829adc6 59368 spip_2.1.13-1.debian.tar.gz
 809e9b46941a241741487f8c17538247adf23718 3865812 spip_2.1.13-1_all.deb
Checksums-Sha256: 
 32fa9b6dc1fe4058113b94a2dd51a0c94f481c78ce5927ee2f4886109edb9e74 1897 
spip_2.1.13-1.dsc
 906d40965cdec25d36266c1147679ef6301c4d57f1704a848fcf5abc37950237 3941793 
spip_2.1.13.orig.tar.gz
 373f5e5cbcfa05838eb9f29be9e403b98f41bbbfa1cff323557b1dd7a1f354ca 59368 
spip_2.1.13-1.debian.tar.gz
 ef515351732a0a9c422ad94cf5cc5183ccbd36c5d6d947125415bf53d3ed4491 3865812 
spip_2.1.13-1_all.deb
Files: 
 8f422e871e366487b19d775d51fc43a2 1897 web extra spip_2.1.13-1.dsc
 9c72c8ec56a87d0e41c0a641eb677c76 3941793 web extra spip_2.1.13.orig.tar.gz
 87c83b1cb0770f5cccb1ba91f623a56a 59368 web extra spip_2.1.13-1.debian.tar.gz
 4346b478eb7661a91447a14fcf5ac21f 3865812 web extra spip_2.1.13-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJPlNb2AAoJELgqIXr9/gny7CMQAIeN/ODZIPSjEMLagJQyQAh5
p58p7SrsH0bQUHVq5XT81vwtwEpw5jJ0bweBey4MTltzJLJqHmb49j0AEJUYLCYe
unQWsAndicGwkH41H2sdm8X14EJR3e8VdUblrdKZBNkp/paq0MKvqOIK88hSJc0j
bACiisiUkfN2td3vVJvsk+HKlWHPKdEvt5PsEVcOwtVURP748cU0+4MFpzhR+98J
5ZVl+m1ISFKzX72hreY2qHT3Vvy0k6Hi0oSc+dQTjMc3tnjyauQANyS6wFlR5oSD
Q9+8MO54e6tzfqPNSd/Q3q3ls02wp9wUlelQp5C5P/fOL8DU3nQC4itFb43a8lea
YMBxtUz/dS03Iy/PXY8npGGEpZySiQr0jCOoccNQWvVk4P9r46Ah0xe3gK4dbpZy
WGeLBuOjfpTK8xu8rkXj7IORzBsFqGp2ceVrc93gM7C2F2IRBpby5NT5vjWJ6cUO
Bd51l6YgJtOqB3sChkUpBqYhM6KNFoY4y/+e+NH3CTK1am9+vtrfTAHPkl0RTF7u
nBK21iTmmviZPc4R2Zco5LifyC+NG7MgYzhyhqInkYNbxXP6dAoeKD0cUNi4voGJ
IkDftoRiDckhEzNUlKeGpPkO3vhSaQ2Ep3yl6xVOEVMOWCiMm2Puudwe9RFVaPAe
LAPFMsLpLUKJdpNmjhp4
=+61p
-----END PGP SIGNATURE-----

--- End Message ---