Hi Salvatore, Thanks for the report,
Le 05/12/2016 à 20:11, Salvatore Bonaccorso a écrit : > the following vulnerability was published for spip. > > CVE-2016-9152[0]: > cross-site scripting […] > [0] https://security-tracker.debian.org/tracker/CVE-2016-9152 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9152 I was about to ask where did you find the link between the CVE entry and the commit, but my search engine was quicker to answer ;). FYI, a few other security-oriented commits are being staged for the next upstream release (coming soon), and the previous fixes that already made it in a “recent” DLA are still waiting for an upstream ack (they recently acknowledge on IRC that they have to reply to us). Regards David
signature.asc
Description: OpenPGP digital signature
