Bug#677290: marked as done (SPIP: Cross-site scripting fixed in new 2.1.15 upstream release)

[Debian Bug Tracking System]

Your message dated Wed, 13 Jun 2012 15:14:55 +0000
with message-id <e1sephb-0005ai...@franck.debian.org>
and subject line Bug#677290: fixed in spip 2.1.15-1
has caused the Debian Bug report #677290,
regarding SPIP: Cross-site scripting fixed in new 2.1.15 upstream release
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
677290: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677290
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: spip
Version: 2.1.14-2
Severity: grave
Tags: security upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Upstream just released a new version, fixing two cross-site scripting
vulnerabilities.

The stable security update is ready [rt.debian.org #3837] and I'll
update the package as soon as I have the bug number in:

http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze4.dsc
http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze4_all.deb

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spip depends on:
ii  apache2                2.4.2-1
ii  apache2-bin [httpd]    2.4.2-1
ii  cherokee [httpd]       1.2.101-1
ii  debconf [debconf-2.0]  1.5.43
ii  fonts-dustin           20030517-9
ii  libjs-jquery           1.7.2+debian-1
ii  libjs-jquery-cookie    6-1
ii  libjs-jquery-form      6-1
ii  php-html-safe          0.10.1-1
ii  php5                   5.4.4~rc2-1
ii  php5-mysql             5.4.4~rc2-1

Versions of packages spip recommends:
ii  imagemagick   8:6.7.7.2-1
ii  mysql-server  5.5.24+dfsg-3
ii  netpbm        2:10.0-15+b1

spip suggests no packages.

- -- debconf information excluded

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJP18wmAAoJELgqIXr9/gnyJGoP/AjQ+l6x60W+J60JRSt0qNRV
AXe1A54cxKvNOxq7TDn7N5ChUggvIAMTU/075hqcn6QxYGE3PBlkKSCBBXndiecI
gT4tzUlu+MARt1fI+AIk8pmwftbRNq59NYRqvTlVomKx5pctT7eluOdwFDWv5ddm
jRvSXOuDHait049Q7V9C3olw2rvA/p/BR8+ZZun58pK6IC5LUe2DlOZTPZo3+mRL
JEdp+OfEwPNQ5YdZy6WdWeX9OLXAbL0n7Vj66ts9dr99hjecsn0mhKB2ziibDOty
pa0Odsr/KXy4415PDvLzbWad3silRwRG9chra4zeQ5fcNVGeGMj9IXJOxIkUxHIZ
brW7SO0p+3PRdPgtxdAlln5iVmhzW4PbblV74pysErbYL3anslYu5NgJL9eaFsVJ
z8/xKpxmpqJNYFvkFeZrMfoM8cOC61OShKpxtISqryn0NyL7g3ERpRRvq1dKWXUk
4rVe+3meCJN+tOCTI2Oc6pAuI/bnCRgAbzs3vOVlx+ASMJi0/DIFaP61NJJuvUec
We/vSnP0Ad8gNGdmXEMA/fKTSxTIj0hDh8N7LwWhdgsttfqEXzzS6/RSsRVbnxYF
u1ztuNMAka2KiSIbR/ESE6FRJOGmvB+Ow6gZ5vwuViI4jqIrlajnv+xsOS/lWzYI
U0QwhhAmpTnwFgbhvKPZ
=BeWI
-----END PGP SIGNATURE-----

--- End Message ---

--- Begin Message ---

Source: spip
Source-Version: 2.1.15-1

We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive:

spip_2.1.15-1.debian.tar.gz
  to main/s/spip/spip_2.1.15-1.debian.tar.gz
spip_2.1.15-1.dsc
  to main/s/spip/spip_2.1.15-1.dsc
spip_2.1.15-1_all.deb
  to main/s/spip/spip_2.1.15-1_all.deb
spip_2.1.15.orig.tar.gz
  to main/s/spip/spip_2.1.15.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 677...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <taf...@debian.org> (supplier of updated spip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 12 Jun 2012 19:16:49 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.15-1
Distribution: unstable
Urgency: high
Maintainer: SPIP packaging team <spip-maintain...@lists.alioth.debian.org>
Changed-By: David Prévot <taf...@debian.org>
Description: 
 spip       - website engine for publishing
Closes: 677290
Changes: 
 spip (2.1.15-1) unstable; urgency=high
 .
   * New upstream version, fixes cross site scripting.
   Closes: #677290
   * Update security screen file to 1.1.2.
Checksums-Sha1: 
 f15d2d1e2aadf7a37c172a1f3c232ad1d95d6341 1897 spip_2.1.15-1.dsc
 708f2273704afc155b10cf241f0343b4afd5992c 3943072 spip_2.1.15.orig.tar.gz
 4e13ca0596adfd0efd7c10bd8280338ffa35d532 61249 spip_2.1.15-1.debian.tar.gz
 3b2793aa48f238beafd27ae2f8e6bb8f5a4f5e12 3868754 spip_2.1.15-1_all.deb
Checksums-Sha256: 
 b1876df5b755565c835dee58b89d111e9cd4af6042c949f6437ab0488daee572 1897 
spip_2.1.15-1.dsc
 89a333c24bfea94e68d59c048d5b42d046e40951d66b2fd504c537366c86fda0 3943072 
spip_2.1.15.orig.tar.gz
 93f3704f09b1f11c4264a7fbc26b53f58e15bcba11aed7396aaff4fbc87a8a21 61249 
spip_2.1.15-1.debian.tar.gz
 a9f69e4d76b73c7c1360c340cb697fe143c3821862321045aa2ca3c32dc72f6f 3868754 
spip_2.1.15-1_all.deb
Files: 
 2e2fecc5e546569af33ae8af044cf7d4 1897 web extra spip_2.1.15-1.dsc
 4002db5a3206e42e2d67661247b61c17 3943072 web extra spip_2.1.15.orig.tar.gz
 71d18df22129f6e9bce9418cfd25c219 61249 web extra spip_2.1.15-1.debian.tar.gz
 b94a50ee0613c967c9afb1728b696cb2 3868754 web extra spip_2.1.15-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJP18+9AAoJELgqIXr9/gnyTB4P/jfpU0aHpHXBB2SRl6A+PSKB
pPwltKqXRSMn/xzz8Ce+05d2QJ+RdsH5yikGLRuLLSohFwmWSE4i6Iz/OW2d3roS
APEHhBXSoXuLrcTMKDvI1xFiLJ5KsMBL4jdms/nTC4V1S4WVA1Kt2Oru2W1Z61bi
sggRmKGktUOwES8w+vTGcUF6+OSVIJp24j82GEKYbx/wLaZioRjHJQhF2szKOWIA
bE2FwDKXhCsYw/jGVtciP+YoJkNLuwZ/PqboJrpdzHKc6EAWanm8BBZdu1MCAT+A
Bipq8nwx0mwgTCkcvvuNcQ554XcP1XX0nyZZVAOVKEInjM3ObqNIjEvH7fv1nO+W
xzPesnncrb0y5b0MPABEnJlgY746J7jENZuNFxVDNtfCIRFFtkKot8qwj49Kqa2+
dUueXp1Wez6yJb4nhhgXPVVnyW/QZr3CpakzkK8JQoiio5a2nPM6gqb8FS4KYzTM
5d7wqq3yOi1V7qYtsHX6yUCKgItGKpA0AEh9rMVoa5PYNAouuXcgv8IK+QQbm+XD
eP1bVUrDR2XTu7fnl8l4LA9jhdpssfon2N25zdLA8//LpXMdOnLX2cUbXphLweYU
7/vq9c9cevF/vVWUYvup9NFYwcOH08JyNflUceRqg89x37CSMxc5zSTxkQbRheve
suvx/2eIvT4TFpGZoUM2
=yu6G
-----END PGP SIGNATURE-----

--- End Message ---