Hi,

Please unblock serendipity/1.5.3-2, which fixes a security issue. Debdiff attached.

Thanks,
Thijs
diff -Nru serendipity-1.5.3/debian/changelog serendipity-1.5.3/debian/changelog
--- serendipity-1.5.3/debian/changelog 2010-05-12 18:57:11.000000000 +0200
+++ serendipity-1.5.3/debian/changelog 2010-09-01 11:45:28.000000000 +0200
@@ -1,3 +1,10 @@
+serendipity (1.5.3-2) unstable; urgency=high
+
+ * Fix XSS security issue made public 20100909. (Closes: #594905)
+ [CVE-2010-2957]
+
+ -- Jean-Marc Roth <jmroth@iip.lu> Mon, 30 Aug 2010 17:10:04 +0200
+
serendipity (1.5.3-1) unstable; urgency=medium
* New upstream release.
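Review bot: The new changelog entry says the issue was "made public 20100909", but the entry is signed Mon, 30 Aug 2010 and the file is timestamped 2010-09-01, so the stated disclosure date falls after the upload was prepared. Please check the date and correct it here; the same string is reused in the patch file name 060_xss20100909.patch. The entry would also benefit from one clause saying what the fix does, since it names XSS while the patch itself adds a serendipity_checkFormToken() check.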
diff -Nru serendipity-1.5.3/debian/patches/060_xss20100909.patch serendipity-1.5.3/debian/patches/060_xss20100909.patch
--- serendipity-1.5.3/debian/patches/060_xss20100909.patch 1970-01-01 01:00:00.000000000 +0100
+++ serendipity-1.5.3/debian/patches/060_xss20100909.patch 2010-09-01 11:44:39.000000000 +0200
@@ -0,0 +1,14 @@
+Fix XSS security issue (20100909)
+--- a/include/functions_config.inc.php
++++ b/include/functions_config.inc.php
+@@ -843,6 +843,10 @@
+ return true;
+ }
+
++ if (!serendipity_checkFormToken()) {
++ return false;
++ }
++
+ $_SESSION['save_entry'] = $entry;
+ $_SESSION['save_entry_POST'] = $serendipity['POST'];
+
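Review bot: The added serendipity_checkFormToken() check sits below the existing "return true;" branch shown in the context lines at the top of the inner hunk, so any call that takes that earlier branch returns success without the form token being verified. The condition guarding that branch is not visible here; please confirm it cannot be reached by a request that lacks a valid token, or move the token check above it. The patch header is also a single line: adding DEP-3 style fields (Description, Origin or upstream commit, a Bug-Debian reference to #594905) and the CVE-2010-2957 id would make the patch traceable to its source.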
diff -Nru serendipity-1.5.3/debian/patches/series serendipity-1.5.3/debian/patches/series
--- serendipity-1.5.3/debian/patches/series 2010-05-09 15:03:19.000000000 +0200
+++ serendipity-1.5.3/debian/patches/series 2010-09-01 11:44:39.000000000 +0200
@@ -6,3 +6,4 @@
040_add_RFC2616_compliance.patch
041_remove_slashcomments.patch
#050_spartacus.patch
+060_xss20100909.patch