
Bug#682808: pu: package spip/2.1.1-3squeeze4

Control: tags 682808 + squeeze confirmed

On Wed, 2012-07-25 at 16:16 -0400, David Prévot wrote:
> The spip package currently in stable is vulnerable to some security
> issues (#677290, #672961, #680118), the last one being pretty nasty…
> Having no answer from the security team, I hereby propose this update
> via the upcoming point release. As in #680381, the attached debdiff is
> pretty thin: most of the changes, in the security screen file, are due
> to rewritten comments.

+spip (2.1.1-3squeeze4) stable-security; urgency=low
+  * Non-maintainer upload by the Security Team.

Please s/-security// and drop the NMU comment.

+  * Updated security screen to 1.1.3. Prevent cross site scripting on referer
+    (addresses missing bits of [CVE-2012-2151]), cross site scripting and PHP
+    injections in internal functions.
+  Closes: #680118
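
Review bot: in the "Updated security screen to 1.1.3" item, only the referer cross-site scripting fix carries an identifier ([CVE-2012-2151]); the "cross site scripting and PHP injections in internal functions" part has none of its own. Consider splitting the item into one sub-item per fix, so that anyone auditing the stable update can tell which fix the CVE reference and the Closes: line apply to.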

The alignment of the Closes: item here looks slightly odd, imho (as do
the others).

Please go ahead; thanks.


