David Prévot
2012-May-14 23:19 UTC
[Secure-testing-team] Bug#672961: SPIP: Cross-site scripting fixed in new upstream release
Package: spip Version: 2.1.13-1 Severity: grave Tags: security upstream -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, Upstream, just released a new version, fixing two cross-site scripting vulnerabilities. The stable security update is ready [rt.debian.org #3837]. - -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, ''unstable''), (500, ''testing''), (500, ''stable''), (1, ''experimental'') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-2-amd64 (SMP w/1 CPU core) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages spip depends on: ii apache2 2.4.2-1 ii apache2-bin [httpd] 2.4.2-1 ii cherokee [httpd] 1.2.101-1 ii debconf [debconf-2.0] 1.5.43 ii fonts-dustin 20030517-9 ii libjs-jquery 1.7.2-1 ii libjs-jquery-cookie 5-1 ii libjs-jquery-form 5-1 ii php-html-safe 0.10.1-1 ii php5 5.4.3-1 ii php5-mysql 5.4.3-1 Versions of packages spip recommends: ii imagemagick 8:6.7.4.0-5 ii mysql-server 5.5.23-2 ii netpbm 2:10.0-15+b1 spip suggests no packages. - -- debconf information excluded -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJPsZL9AAoJELgqIXr9/gny5Q0QALMCRA10/ObfwBIkngPozuDL 1kmWBe6DWKdnN5u5EezIPl8RBqdLTSyo1YC4KGE+R/Thh6kg8TyhlToUtqiTIqyl O5uxnb5zqekSY8bkIniL/OZVkLVMu9PdzFARCUbj4ZOZLyIpyI25RNg9AkqhQ++U 6VBTruXI1+2/L/R5DXpgo3uzIjinqnJGG3jwKVlkJ7ijDMh62eaYmaX4MmAJNLKG Qkd44YRpFvNj5vOVPkZ713/A0brAs4a21Lbl0LjGacvKGplJY0sNifu3l+lO1wvI Wa7Zlb2GLiyUxYBPulOU4+VhIR/Cmk3HDmk+osq+Bacn2A5DRRgCIo5VjTz3SzV0 VgfJrfKIaA9oDCV3ZYkg0JhFrXyHBA4f9OIi18y231btTMEIzYRg84BJiT0bYoJc gUykTzClPb1E3ONqpKcARg0Q/74tiaoZcaDijx1TD+LNEbd32Llly0RbGPPTU8/v mvzmMXjyLGcCa9ZtWsm7Is/mobVrsy9lC1z9ZVpmZRotG2ZXgatQ1eAW8FsU/+5+ ib/hofk7C/8scIrmYeJywwe9pn6YRdO/LSSaztYGx+DFJxD646TuT1Gb+5ijJIO4 FxC14CLTkUo/EdtWcBa6McoEMttMpBBhanqrVf+2uQ0xg3RtdMUpgnWGul6DqnxN V0rpvMDYvNbEt8Wv59Lg =Ff/4 -----END PGP SIGNATURE-----