Your message dated Wed, 22 Aug 2012 22:32:04 +0000
with message-id <[email protected]>
and subject line Bug#683667: fixed in spip 2.1.1-3squeeze5
has caused the Debian Bug report #683667,
regarding Base name disclosure fixed in new 2.1.17 upstream release
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
683667: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683667
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: spip
Version: 2.1.16-1
Severity: important
Tags: security patch upstream
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Upstream just released a new version, fixing a security issue (base name
disclosure). I'll upload the 2.1.17-1 package today, and will backport
the fix for stable.
Regards
David
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages spip depends on:
ii apache2 2.4.2-1
ii apache2-bin [httpd] 2.4.2-1
ii cherokee [httpd] 1.2.101-1
ii debconf [debconf-2.0] 1.5.45+nmu1
ii fonts-dustin 20030517-9
ii libjs-jquery 1.7.2+debian-2
ii libjs-jquery-cookie 6-1
ii libjs-jquery-form 6-1
ii php-html-safe 0.10.1-1
ii php5 5.4.4-3
ii php5-mysql 5.4.4-3
Versions of packages spip recommends:
ii imagemagick 8:6.7.7.10-3
ii mysql-server 5.5.24+dfsg-6
ii netpbm 2:10.0-15+b1
spip suggests no packages.
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQGqsVAAoJELgqIXr9/gnyQoAP/2snMGIL4ivhpgSlAuioPtPo
KQevqvwZFYcx/5PMGFVaZFwWtrhpWMmTuS+ak/ua8C6QE0HFJUx67HhaI8GeQoht
wClL/ezCsCSopYfytilfyAQTA3AoxiapUFZmUxGex1v9a2yc0uMsrvD9G5RbQpga
GgQt4DeI3+OcLQAInDe5lUO5XuKiJLmvtazjJsWIyxFvO1O1HW8xj2OHhx+0PiWS
Vhgl4Nh5t5Jdk1rLD4rkaDC/y/84Ou23ysx9eNXjFXOITI/Qei3lQIsYYFc9cUzf
WA15uEJQhJj+VEBVPnGzeAtR6pqFidsZnQiYjokqhbvt4juo7OIIafixkRnwt9jm
gezkBd7Wu+7G7JviIVX4TKaZYlQd89IvZSd71MHlaBSE0aFdEY+6zkug+Tq7rVs4
gczl7RGI1AgCb2DoN4slF90dVADhwX5huPlDMpQmaIH9/T3o5Vg4pNUE7aLzFmAy
wQDWiT1ps6ZDfeYfr2N4Vz+mjuwQXnJUxLect5HWyOxbl/AO4x/elqN/qa3piGny
TBnnTdEbH8YcxSjb+LyQFiaXXkWQ9/QxjE4nyhJB+StsOkxWAoiDXxF1z5zNC4Ic
QTpPF1K/CKUlvVDtcOJ+EZ1AFexV0fiFhD5vhUO8I0fjaDK3nIdopJxUPp46+FE3
2aOd0z+Cw4tjw9MvgUg4
=xlxv
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: spip
Source-Version: 2.1.1-3squeeze5
We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated spip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 02 Aug 2012 14:27:29 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.1-3squeeze5
Distribution: stable
Urgency: low
Maintainer: SPIP packaging team <[email protected]>
Changed-By: David Prévot <[email protected]>
Description:
spip - website engine for publishing
Closes: 683667
Changes:
spip (2.1.1-3squeeze5) stable; urgency=low
.
* Fix base name disclosure. Closes: #683667
Checksums-Sha1:
ae17b76a9a93cf9cb293e68084065641bd215cdf 1770 spip_2.1.1-3squeeze5.dsc
0265f1195383643c8cdd191d9c4e036d44856ec8 24398 spip_2.1.1-3squeeze5.diff.gz
f1f0216eb7c746188fe764ec61e0a432e7a63e9c 3864870 spip_2.1.1-3squeeze5_all.deb
Checksums-Sha256:
7fe2a01fca978f2de923e66912dee6ca6becdff915a2a41ef711f5db28092a3f 1770
spip_2.1.1-3squeeze5.dsc
f349474df70099f552932b7087979500baad10889175d0263e4c6a868f81e2ed 24398
spip_2.1.1-3squeeze5.diff.gz
be305cfe260a37d3c9149dcb7cd4359e02b3020e340a1bb02e99640aa3420b61 3864870
spip_2.1.1-3squeeze5_all.deb
Files:
80425d936faea9aa6dae32b0b6c95a5e 1770 web extra spip_2.1.1-3squeeze5.dsc
18996251afa82874b118f06a0eca4cc3 24398 web extra spip_2.1.1-3squeeze5.diff.gz
1ea3d163b714e8e880096b8d086cef7b 3864870 web extra spip_2.1.1-3squeeze5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQGuEqAAoJELgqIXr9/gnyeCEP/iAWsWH3YdzVJ99MKkDasNo2
omrY9J/axzvsBDMB8dnsUH17GgSc3oNRTIeYnxAxMzK3CB7HCiKMBhLHKGlgck+6
GpO07PvNBy18BzBGtfp60j8AHylteuBttiwU1zo+C2KQzsRxa55XVjZ9lJ1hm1eW
E643BhA6Dma4kHk6brnqhHGmTkU094VzYUQWhFUyhcNUdL1nLqfal9/JVNQBpFmF
7eYXGgjF+kFee0g2lC57tuI7k//w0XDobnT29HJ4dUiZCXvPelfTDcV7wIE1Emme
j+7hBBajEXG/2mPYMqz6suGKG/mD0B6VfaqGwt/5ngo7N9fMNgF2tkB2hVSyjPNq
10dEgav6+vjr9H+WdcpT5CAYTfcgvSH2PmRsQZzdqNsgnR9hsIOGe6ncgyxeq2M9
Ck8LBs9ldfsrUCy74ToXVIHxm4sdPpdUefE8IfGgBDbE4u+EZU7G1v5SwzUYETPH
8mp8GkuIRUbN/s8e3YfH+wmJZM+244DYfFQuXO4LPa/Poe89OvJvFHthtsj247q1
+DuJ9JGONYYYZrcskCttdCZQECUa1iMnY4k9DWpXrBaHqz6UPPzunEdOoMsXosHs
GyFfMDhdXsDGL3zpVE1rXn2BTGmv++9LcKKC8F49y739emf0gldbYgzcSvCkSTqM
jnYZo8gcEFCtFgSfGqTd
=peUb
-----END PGP SIGNATURE-----
--- End Message ---
