Package: release.debian.org Severity: normal Tags: bullseye User: release.debian.org@packages.debian.org Usertags: pu X-Debbugs-Cc: spip@packages.debian.org, team@security.debian.org Control: affects -1 + src:spip Another upstream release fixed a security (XSS) issue. The last two updates of this kind didn’t warrant a DSA, so I guess this one will not warrant one either (security team X-D-CCed in case I’m wrong). https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-7-SPIP-4-1-13.html The 3.2 branch is not maintained upstream anymore, but the patch has been cherry-picked directly from the 4.1 branch. Also, I’ve already deployed the proposed package on a server providing over 30 SPIP websites. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in oldstable [x] the issue is verified as fixed in unstable Thanks in advance. Regards, taffit
Attachment:
signature.asc
Description: PGP signature