Package: spip
Version: 2.1.17-1+deb7u3
Severity: important
Tags: security upstream
Control: fixed -1 3.1~21281-1
Control: fixed -1 3.0.16-1
Control: found -1 2.1.1-3squeeze8

Hi,

The latest upstream update [1] fixes two security issues:
- an SQL injection, already blocked by the security screen;
- a lack of sanitizing visible in log files.

I’ve already prepared the Wheezy [2] and Squeeze updates, and open this
bug report in order to follow up with the security team and the release
team to get these a priori minor issues fixed in the next (old)stable
update.

        1: http://contrib.spip.net/Alerte-SPIP-2-0-25-SPIP-2-1-26-SPIP-3-0-16-sont-gavees
        2: http://people.debian.org/~taffit/spip/

Regards

David


_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
