thr3ads.net - Secure testing team - [Secure-testing-team] Bug#670110: Several security issues [Apr 2012]

If this information is useful, please help other people find it:
Share via:

David Prévot

2012-Apr-23 00:35 UTC

[Secure-testing-team] Bug#670110: Several security issues

Package: spip
Version: 2.1.12-1
Severity: grave
Tags: security upstream

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

Upstream, just released a new version, fixing several security issues,
most of them being XSS injection vulnerabilities.

	http://article.gmane.org/gmane.comp.web.spip.devel/62536

I''m also preparing the stable security update.

Regards

David

- -- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, ''unstable''), (500,
''testing''), (500, ''stable''), (1,
''experimental'')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spip depends on:
ii  apache2                2.4.2-1
ii  apache2-bin [httpd]    2.4.2-1
ii  cherokee [httpd]       1.2.101-1
ii  debconf [debconf-2.0]  1.5.42
ii  fonts-dustin           20030517-9
ii  libjs-jquery           1.7.2-1
ii  libjs-jquery-cookie    4-1
ii  libjs-jquery-form      4-1
ii  php-html-safe          0.10.1-1
ii  php5                   5.4.1~rc1-1
ii  php5-mysql             5.4.1~rc1-1

Versions of packages spip recommends:
ii  imagemagick                      8:6.7.4.0-5
ii  mysql-server                     5.1.61-3
ii  mysql-server-5.1 [mysql-server]  5.1.61-3
ii  netpbm                           2:10.0-15+b1

spip suggests no packages.

- -- debconf information excluded

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJPlKO0AAoJELgqIXr9/gnyTxMP/AmQRrhWEc1d7Ds5KVVU2nkk
E8+c7TcOQf7Y/oS5IOiWWX1TmlprURJiAjNkTBhQMSbajUUKpsSWVsHNXFnauFK8
PeGeHZr6BQ5ZZm+6Er8OpAFP3dMof+BKHPlJZF0x9MfY6aOHdbgltYF7hY9492MS
0Yo22zxf88QNkg8O74jdDtbu9VQ3iu+xrOG2eeyD9NuK5eCfm21UI14Sau09L8Al
Da9IkDQ31zzZi908ouyjusdStyZC16V63ci4CNg//jtrO627H6lheVQ+awiXmDOe
7CoHuN5QRxQGC8Ame03Dr63anpO9i8A800rjPPFBFikbBgOhOnGP9VQXkXvIYt7R
2JP2GwQ4823CBbn49k0IGtGQQvMiGSl5/jCRkLzmQc8sekd7/ZGcRkZTITXrwEG2
gsLK8gsD1d5lHqnLvF8uRq+0cScvi/4lkYXB3dBZ7gbVx8lOecdqhSYA7s0wIqL2
5xblEqVmsstib/V2wJ5GF0fWpuS2QUvyAFhP7MkyPDviKuwhVw8572oZG2Rm7XJz
HZpDt4RCC0m51qHyAUZ9k3GtJOanF47qh/Ixq58ZB675vtq7XNmkHZKvcsGOqeoY
5c961X0Lxe66hC4UrVnCj5x+Sxx2z+vjLOxSdCmh/KBq2jrvN4219f11ndYrIoe5
h98+VeDFaVoAkGMmsLLh
=v/Z6
-----END PGP SIGNATURE-----

Secure testing team - Apr 2012 - Bug#670110: Several security issues

[Secure-testing-team] Bug#670110: Several security issues