Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Hi, GLPI 0.83.31 (micro-fix based on 0.83.3) is an important security release, fixing two CVEs: CVE-2012-4002: Bug #3704: CSRF prevention step 1 Bug #3707: CSRF prevention step 2 CVE-2012-4003: Bug #3705: Security XSS for few items https://forge.indepnet.net/projects/glpi/versions/771 Note: the diff from 0.83.2-1 (current testing) is pretty big, but almost all the patch is made of fixes in many files. Trying to backport would make no sense imho since it would bring almost everything, and make future maintenance even harder. Please allow GLPI 0.83.31 in testing. Regards, Pierre unblock glpi/0.83.31-1 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org