Accepted spip 2.1.17-1+deb7u6 (source all) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted spip 2.1.17-1+deb7u6 (source all) into oldstable
From: Jonas Meurer <mejo@debian.org>
Date: Wed, 02 Nov 2016 21:40:25 +0000
Message-id: <[🔎] E1c23Gj-0001Wp-1E@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 02 Nov 2016 21:51:10 +0100
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.17-1+deb7u6
Distribution: wheezy-security
Urgency: high
Maintainer: SPIP packaging team <spip-maintainers@lists.alioth.debian.org>
Changed-By: Jonas Meurer <mejo@debian.org>
Description:
 spip       - website engine for publishing
Changes:
 spip (2.1.17-1+deb7u6) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Backport several security fixes, mostly sanitizing request parameters for
     exec=validate_xml action. The patches fix vulnerabilites described in:
     - CVE-2016-7980: cross-site request forgery (CSRF)
     - CVE-2016-7981: reflected cross-site scripting (XSS)
     - CVE-2016-7982: file enumeration/path traversal
     - CVE-2016-7998: template compiler/composer PHP code execution
     - CVE-2016-7999: server side request forgery
Checksums-Sha1:
 62d26091fe4c42248728ab0559301edc3a547b57 1890 spip_2.1.17-1+deb7u6.dsc
 3d060364d944ab8f8889f34acf9f053014aa8b28 71166 spip_2.1.17-1+deb7u6.debian.tar.gz
 fb90a87846659682222b3b8e67b0481c54c0a6ff 3858474 spip_2.1.17-1+deb7u6_all.deb
Checksums-Sha256:
 c9e7db0bb361c02330f85eb0362f08943eb3268b239f500f1b6b63416be33855 1890 spip_2.1.17-1+deb7u6.dsc
 8531edf9b9f10aec764ce5c4afe42a63ab0f0dd3f4b68ad32fe80483f80a73d8 71166 spip_2.1.17-1+deb7u6.debian.tar.gz
 52826ccd67ee7049a90a5b7fd572ec799cb114ba997b957966df6f67d3f774ff 3858474 spip_2.1.17-1+deb7u6_all.deb
Files:
 e83918f214fee5115a5e5a45a8a4ec34 1890 web extra spip_2.1.17-1+deb7u6.dsc
 c8e6e0c7a65d1844a33e5fc06f2e371e 71166 web extra spip_2.1.17-1+deb7u6.debian.tar.gz
 e907593d3a1ecea1854223225568b4d2 3858474 web extra spip_2.1.17-1+deb7u6_all.deb

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJYGluYAAoJEFJi5/9JEEn+f9EP/imyweyE+rmnWNQFo/yW/3aQ
F4OjATgntVd6huPJXqXDtqzt6Al4Cyf4cCijNgrcXp8CTt6AuWC7W0h+nFAp57WS
a5g5Qp83sJjnuyO9fjje4XQQjMTPx9byJ6G3T57i7qZiCA049FI4mfiQS5QXSPaJ
FmOXNrx0uLI2hc251Y1Iw5/7U6nDyQiDNhWbGMAlmv+Aap1C2YC+o8B/4+qJsoKF
MstSUkaZSEt8ddS31y7mS6yvK+hdts+8pbYWNBUhkv2HCQy+gemE+pacVqCukN7G
WoW0oOMco9SBhjQeE/VOFWZ/1uYfDNgwpG0NKcWfWc/NHZHwvh1iXn5Q1R08b4Ax
qZ9XdYLJ7Djf9Zk9lkUISpnBljzBRNCn1bqBEoCdWSYxdUpHJvieedT9QwqY5dIe
1/Rb+PBiuhNbUg0ba1ZAaIb1E2Uh13QOTXBwItkhGuj8lCmThIUa1EVlb4TsISZ1
0jvrm/wfrkilPamud9EBEP5lp9hh3kGGssbjqSje2hm0l+0QPfhP+F0NCNx5BymS
hDcvyinsqqKJVZeubFE7ZSXjLms/LM1mEX5GnVjcUF3DKUIUIE5CCEXCMb5w0iMf
kBtR2MQ7yExFkCLyBLrOXBFMEzN8zwrR1nsAr5/JjLcx5gt4rOTIr9rGu8p+0r2r
m9uEV6P7hzxxhWCxAHFb
=etzN
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted libwmf 0.2.8.4-10.3+deb7u2 (source amd64 all) into oldstable
Next by Date: Accepted bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u13 (source all amd64) into oldstable
Previous by thread: Accepted libwmf 0.2.8.4-10.3+deb7u2 (source amd64 all) into oldstable
Next by thread: Accepted bind9 1:9.8.4.dfsg.P1-6+nmu2+deb7u13 (source all amd64) into oldstable
Index(es):
- Date
- Thread