Your message dated Sat, 25 May 2013 13:48:28 +0000
with message-id <[email protected]>
and subject line Bug#709674: fixed in spip 3.0.9-1
has caused the Debian Bug report #709674,
regarding Privilege escalation fixed in new upstream releases
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
709674: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709674
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: spip
Version: 3.0.8-1
Severity: critical
Tags: security
Control: found -1 2.1.21-1
Control: found -1 2.1.17-1
Control: found -1 2.1.1-3squeeze5
Hi,
Upstream just released a new version, fixing a privilege escalation,
allowing anyone to take control of the website.
I’m on my way to prepare the four needed packages (for squeeze, wheezy,
sid and experimental), and will open a ticket for the first two ASAP.
Regards
David
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: spip
Source-Version: 3.0.9-1
We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated spip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 24 May 2013 22:25:48 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 3.0.9-1
Distribution: experimental
Urgency: low
Maintainer: SPIP packaging team <[email protected]>
Changed-By: David Prévot <[email protected]>
Description:
spip - website engine for publishing
Closes: 709674
Changes:
spip (3.0.9-1) experimental; urgency=low
.
* New upstream version: fix privilege escalation (Closes: #709674)
* Minify new prive/javascript/login-sha-min.js at build time
Checksums-Sha1:
75d4dc3e6a902cfa8ea572a0f3539f4af66ab5c6 1914 spip_3.0.9-1.dsc
7e9d9bc3a99212b6a7b510cc964882021b4aa1a4 5206808 spip_3.0.9.orig.tar.xz
ed4b9a3d6d7cd167ac786abd8071c7ad3d7c87f8 71402 spip_3.0.9-1.debian.tar.gz
f43819051586fa6c11fd13c3dab6f47d248cedbe 6622928 spip_3.0.9-1_all.deb
Checksums-Sha256:
c0602b1e8a0ebaefe9352fd329427f0f9fb4e3786f92a94a67d20a7255e2582b 1914
spip_3.0.9-1.dsc
553aa04c386ee812ef793ab4c771401dd50fff87570636deb170503fc75d3af8 5206808
spip_3.0.9.orig.tar.xz
a4d148aeafce367e92291bc197a1b1028ca1007a5433c70339f052cc8e6e5fdb 71402
spip_3.0.9-1.debian.tar.gz
8caec2eec60225b459135da05c55daa6326bcf95d43302fb64b2c75cec00780f 6622928
spip_3.0.9-1_all.deb
Files:
fdf98b386e1b49642ad3f3c2a1170b77 1914 web extra spip_3.0.9-1.dsc
3e343f37907053d73a434a47b668e229 5206808 web extra spip_3.0.9.orig.tar.xz
371538caa569e6a87073a9623234af13 71402 web extra spip_3.0.9-1.debian.tar.gz
95c7ebe2a9359f031c9488ba686736d8 6622928 web extra spip_3.0.9-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJRoLu5AAoJELgqIXr9/gnyQ9kQAI7KQ/FZ/+SvFI/xkcsSpJhK
dA6qqVwDarAqcGL8U7z/7Z8aTeblYYklJYzNCOLP118treGAaP3ia5XdmzqHxx9r
LZ3tg3n3dXNyLDdTp+CP13AJiKGe35eDXBPvuufve93ByvsKTpilaaSqfqdd36ps
vQCaX8xDfvfYEJuuOOrk1RxK86mrlUeMj+xggyZ8Iz6p+7SzoSBrjEmGOEtOTs09
ZZ9F9WfpPsdp98OkM3Lil1gpMEkcov65RpNPsaEEWlKWY9RvB6Gr92+6SkXWhQm0
8Mj2JoZAKabjHTRfiof/Qd3HyqnQ/qFytCTLWnuYgutMLNi2wNGgMW0S1EqBdXPH
/HoOAvcC525XDRhH7HSc/yEPS6LyTH076BOfboYRjj2c4CAZzwnSSJvQIbyP++fF
K1y81Ve7CNBK7HwmRR8q/Xee7uizekBP2t1bQGQTNXxT1Xj+vCyd8uWiTM56kD6Z
FEjv8ze3OQnbqZNPdXa0Ll9IidujGU3IU4aWu/d5BucyrcXu+VDlD9lrd8+1MXv6
EkxzaSuvMp8VJX6eOXasfYi97pOTDUF3a3fUoAJ9W7owNKoPuYirtNlC+VyDeRor
l1jggT9iM3zdpO9jyVJhB7sn1kluuN6XcZLMie1W4oItROuLWPIT7+pROxdo1e7D
F+B6UQitYE1gqgRj1sEF
=K2ac
-----END PGP SIGNATURE-----
--- End Message ---
