Your message dated Sat, 25 May 2013 13:48:23 +0000
with message-id <e1ugepb-0004xk...@franck.debian.org>
and subject line Bug#709674: fixed in spip 2.1.22-1
has caused the Debian Bug report #709674,
regarding Privilege escalation fixed in new upstream releases
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
709674: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709674
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: spip
Version: 3.0.8-1
Severity: critical
Tags: security
Control: found -1 2.1.21-1
Control: found -1 2.1.17-1
Control: found -1 2.1.1-3squeeze5
Hi,
Upstream just released a new version, fixing a privilege escalation,
allowing anyone to take control of the website.
I’m on my way to prepare the four needed packages (for squeeze, wheezy,
sid and experimental), and will open a ticket for the first two ASAP.
Regards
David
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: spip
Source-Version: 2.1.22-1
We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 709...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <taf...@debian.org> (supplier of updated spip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 24 May 2013 21:35:34 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.22-1
Distribution: unstable
Urgency: high
Maintainer: SPIP packaging team <spip-maintain...@lists.alioth.debian.org>
Changed-By: David Prévot <taf...@debian.org>
Description:
spip - website engine for publishing
Closes: 709674
Changes:
spip (2.1.22-1) unstable; urgency=high
.
* New upstream version: fix privilege escalation (Closes: #709674)
* Update security screen to 1.1.7
Checksums-Sha1:
7a3698608f7f274f1bf8ff25fc43d89630c04720 1905 spip_2.1.22-1.dsc
1588c14cceda8962916aad185092764d331a6f22 2517784 spip_2.1.22.orig.tar.xz
e4272a5d4514ca2cdf301425eee3ae099bbf5417 62400 spip_2.1.22-1.debian.tar.gz
0dc41e179e91103726fa62e87dfacc6f92302447 3882378 spip_2.1.22-1_all.deb
Checksums-Sha256:
24931e8db56e001bf1c89f07f4a99bbd97d3fc240cc2d549737e1108ae068cce 1905
spip_2.1.22-1.dsc
f2d3a0d3e7175b2af3d74529ba1827415d30035ed2bdf05e3336611e5fb403f9 2517784
spip_2.1.22.orig.tar.xz
ba86364f457c644390bbe2e27723404f3f9d2c2e1ec38ada8488a9944e9a2216 62400
spip_2.1.22-1.debian.tar.gz
27c15dede3b6122dc278518696e13c05ac93bc96c9068f5332c2fb3a721bdefa 3882378
spip_2.1.22-1_all.deb
Files:
190cf59cbccb0264dfe840d62ae224a7 1905 web extra spip_2.1.22-1.dsc
4bb1bc40eeee6c221ca7c85bf2445276 2517784 web extra spip_2.1.22.orig.tar.xz
ef4c8f3d9af6faeb7bc273d76d14173a 62400 web extra spip_2.1.22-1.debian.tar.gz
d8c7fbd679c4f69f9f55444e545210b7 3882378 web extra spip_2.1.22-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJRoLuqAAoJELgqIXr9/gnydHYQAITforK/7dlI12ZF9VdBV/wi
pbXBaWD5gvlknJzcI9PiNnfJP28S1AFMNHTyqkhHa4HM6CQUUlFbXOefmaCohNtC
qxhyX8dKT/fgvbkKoQ8V31L31vWLcctsukTmYQLj55PS7p8TEX06AkSS6gKTQ02y
VYi5NI2gwAAlHBM2bR3ahDTH6Sz/wpEuHGFefrL4GZY3t1bNOwyq/3clPSyxuRYf
sF4d5CsjlyklUCf/7A+CJYoEIIAJQbHmBcx2ILHrpfjaSSEtdlT7QoJLsnAN1nGZ
U3WuhP5o9X8+atGa0tNQF8efGJ0D5Cu0GotPQQC6KvVvjBmdq4m+9WSIr9iTH0iB
dYhXU4yAfsw5pZLRTLB4ix5JbQyPtvB3sUbngaUxEaGgCQZcMAJZXMIjhb5fLx+g
bp02N3kJyN0BGJqLleFRCcP6spr6v9tCGUeRpmGzWBMZzg9/K8F0GsYflWfuVr1y
TKSNJoTP3lE3W3m4ByDuIoZGha4yZU77TawrtJVJ/iIPmsN2Fze96xFSntfvN7md
QFP/hHQtMPtZxGjNcNLe3+KAjkniUCsNINSNwpCkRYknSyGQLSwg8ISaxI0T4qTB
+KiJUqAYkU11TieaeewSFEZQKW/AO2BpdOrfrCTOqPMhFB36lLW4IEDK+kdRN1x/
le+2W8270FRptPUDQO2l
=j4DL
-----END PGP SIGNATURE-----
--- End Message ---
