David Prévot
2012-Aug-02 16:30 UTC
[Secure-testing-team] Bug#683667: Base name disclosure fixed in new 2.1.17 upstream release
Package: spip Version: 2.1.16-1 Severity: important Tags: security patch upstream -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Upstream just released a new version, fixing a security issue (base name disclosure). I''ll upload the 2.1.17-1 package today, and will backport the fix for stable. Regards David - -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, ''unstable''), (500, ''testing''), (500, ''stable''), (1, ''experimental'') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-3-amd64 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages spip depends on: ii apache2 2.4.2-1 ii apache2-bin [httpd] 2.4.2-1 ii cherokee [httpd] 1.2.101-1 ii debconf [debconf-2.0] 1.5.45+nmu1 ii fonts-dustin 20030517-9 ii libjs-jquery 1.7.2+debian-2 ii libjs-jquery-cookie 6-1 ii libjs-jquery-form 6-1 ii php-html-safe 0.10.1-1 ii php5 5.4.4-3 ii php5-mysql 5.4.4-3 Versions of packages spip recommends: ii imagemagick 8:6.7.7.10-3 ii mysql-server 5.5.24+dfsg-6 ii netpbm 2:10.0-15+b1 spip suggests no packages. - -- debconf information excluded -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJQGqsVAAoJELgqIXr9/gnyQoAP/2snMGIL4ivhpgSlAuioPtPo KQevqvwZFYcx/5PMGFVaZFwWtrhpWMmTuS+ak/ua8C6QE0HFJUx67HhaI8GeQoht wClL/ezCsCSopYfytilfyAQTA3AoxiapUFZmUxGex1v9a2yc0uMsrvD9G5RbQpga GgQt4DeI3+OcLQAInDe5lUO5XuKiJLmvtazjJsWIyxFvO1O1HW8xj2OHhx+0PiWS Vhgl4Nh5t5Jdk1rLD4rkaDC/y/84Ou23ysx9eNXjFXOITI/Qei3lQIsYYFc9cUzf WA15uEJQhJj+VEBVPnGzeAtR6pqFidsZnQiYjokqhbvt4juo7OIIafixkRnwt9jm gezkBd7Wu+7G7JviIVX4TKaZYlQd89IvZSd71MHlaBSE0aFdEY+6zkug+Tq7rVs4 gczl7RGI1AgCb2DoN4slF90dVADhwX5huPlDMpQmaIH9/T3o5Vg4pNUE7aLzFmAy wQDWiT1ps6ZDfeYfr2N4Vz+mjuwQXnJUxLect5HWyOxbl/AO4x/elqN/qa3piGny TBnnTdEbH8YcxSjb+LyQFiaXXkWQ9/QxjE4nyhJB+StsOkxWAoiDXxF1z5zNC4Ic QTpPF1K/CKUlvVDtcOJ+EZ1AFexV0fiFhD5vhUO8I0fjaDK3nIdopJxUPp46+FE3 2aOd0z+Cw4tjw9MvgUg4 =xlxv -----END PGP SIGNATURE-----