Accepted spip 3.0.17-2+deb8u4 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 10 Jun 2018 19:15:29 -1000
Source: spip
Binary: spip
Architecture: source all
Version: 3.0.17-2+deb8u4
Distribution: jessie-security
Urgency: medium
Maintainer: SPIP packaging team <spip-maintainers@lists.alioth.debian.org>
Changed-By: David Prévot <taffit@debian.org>
Description:
spip - website engine for publishing
Changes:
spip (3.0.17-2+deb8u4) jessie-security; urgency=medium
.
* Update security screen to 1.3.6
* Backport security fixes from 3.0.27
- Secure inserted URL in anchors
- Secure URLs sent by self()
- Escape charset in error message
- Allow filter mode to be passed in interdire_scripts()
- No onclick nor JS popup in footer
- [Privacy] add rel attribute (noopener noreferrer) in private footer
- PHP injection via XML file
Checksums-Sha1:
5b401f44faf9bdd250f2d46282f5277cf7962b46 1610 spip_3.0.17-2+deb8u4.dsc
a5b21423280e0c092db44da9958a8ea1a13082fc 89760 spip_3.0.17-2+deb8u4.debian.tar.xz
b1c75dcb4bd9230fa20314d82d19e05a537f45b1 4824480 spip_3.0.17-2+deb8u4_all.deb
Checksums-Sha256:
c07360d910fbc26b817cd110e8ba04b01be3a51c33cf4de7d2d6f37f5045a2e3 1610 spip_3.0.17-2+deb8u4.dsc
e598a0aa679a8907e1cb9f18e77106f4bbd01e1292d2ba864f6d4d7988e4969a 89760 spip_3.0.17-2+deb8u4.debian.tar.xz
281fb6862bec599cce0bf94843aa42c090b2a98ca67b145eef101eeda826b7e4 4824480 spip_3.0.17-2+deb8u4_all.deb
Files:
d861c7352c81e4f93c54268ca64d2832 1610 web extra spip_3.0.17-2+deb8u4.dsc
fedb1deb24f6bde38fa23e4d524bd8e0 89760 web extra spip_3.0.17-2+deb8u4.debian.tar.xz
2894f0129778323a56f5410d40e846ce 4824480 web extra spip_3.0.17-2+deb8u4_all.deb
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAlsheykACgkQBYwc+UT2
vTzBNggAhiHEdWre/42cMXNtzceRWfH/tbx8gjHuHctWn5uHeXGIE6ae0qj34DFj
mgkObBjY2ianyCAb/pydTdPDII+0TCFQTULr9s6FLbEfFMoCLrDpm2REPjS1NI6z
pQWYV1A8RT1wubmeBGG+CeR+vRo4wPezUSTNn/vIwtV1hykfHwf9RIaVuYVoYWcy
XJFb1TikF++Kkz6B+vEpNSoIa42NfjUCdtl+XPDFyexFWJmg+kfZUDX4CeCFgRoV
L2sDwsI0q38NG9ECsqsW8r9z1lnCYD35n2Xld3PdghLYXqWrMj32RE7JcV2vtiQU
RL8D7q1CzxJjD2iPtIFQ1hCclr9wlQ==
=RyX1
-----END PGP SIGNATURE-----
Reply to: