Bug#709674: marked as done (Privilege escalation fixed in new upstream releases)

Mon, 27 May 2013 12:33:49 -0700 

Your message dated Mon, 27 May 2013 19:32:05 +0000
with message-id <[email protected]>
and subject line Bug#709674: fixed in spip 2.1.17-1+deb7u1
has caused the Debian Bug report #709674,
regarding Privilege escalation fixed in new upstream releases
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
709674: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709674
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: spip
Version: 3.0.8-1
Severity: critical
Tags: security
Control: found -1 2.1.21-1
Control: found -1 2.1.17-1
Control: found -1 2.1.1-3squeeze5

Hi,

Upstream just released a new version, fixing a privilege escalation,
allowing anyone to take control of the website.

I’m on my way to prepare the four needed packages (for squeeze, wheezy,
sid and experimental), and will open a ticket for the first two ASAP.

Regards

David

Attachment: signature.asc
Description: Digital signature


--- End Message ---
--- Begin Message --- 
Source: spip
Source-Version: 2.1.17-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated spip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 25 May 2013 09:29:32 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.17-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: SPIP packaging team <[email protected]>
Changed-By: David Prévot <[email protected]>
Description: 
 spip       - website engine for publishing
Closes: 709674
Changes: 
 spip (2.1.17-1+deb7u1) wheezy-security; urgency=high
 .
   * Update security screen to 1.1.7, prevent abusive inscription.
   * Backport patch from 2.1.21:
     - fix privilege escalation (Closes: #709674).
Checksums-Sha1: 
 8a73d6278213ae3babe80077edc70194c3dff437 1925 spip_2.1.17-1+deb7u1.dsc
 1ffa6bd54ef948a46013eac44abfe83de6407a8b 3943630 spip_2.1.17.orig.tar.gz
 1dcf00623de1d92fc35f7f3e7947bec8100cf08e 61830 
spip_2.1.17-1+deb7u1.debian.tar.gz
 d74e8299e6f0c789af208d8a908bb17cc4702ca7 3870024 spip_2.1.17-1+deb7u1_all.deb
Checksums-Sha256: 
 dd53be80bd2fb86285e5f4c601a88c07a608dd0c3b13220b37929456f926220a 1925 
spip_2.1.17-1+deb7u1.dsc
 85561b476df35597944eff9d6cab02ed04014c61a06737f67c6b8233e45e257b 3943630 
spip_2.1.17.orig.tar.gz
 892ff936ea6b1522dd29e8b70d96e0d4c05e1f3e1083492392dd9346998c1f00 61830 
spip_2.1.17-1+deb7u1.debian.tar.gz
 bc2000c32f29d8bb98a79daf44cf5d67c53e102b239e3e6380328c8fa74c4b32 3870024 
spip_2.1.17-1+deb7u1_all.deb
Files: 
 2a5dbaccb666c2b9e1b636ad39a231c5 1925 web extra spip_2.1.17-1+deb7u1.dsc
 1962bd0e543eabbddd60d045f8aab6ba 3943630 web extra spip_2.1.17.orig.tar.gz
 e0e1d40c0da406a751291456f7fa0b97 61830 web extra 
spip_2.1.17-1+deb7u1.debian.tar.gz
 dfd9a6aee7dc7a2b22de97519501ea9c 3870024 web extra spip_2.1.17-1+deb7u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRoL8GAAoJELgqIXr9/gnyhWgP/jmVdA4CJBLIn9yXRW9de0pN
6xXLEIG1bkvpkEKYCO/RdEd9ptv1iA0nc8ZH0NkrS0N5ivcfWfYyc+/flGQjEXDY
JpZaI2OMkv7pu9SekeemZAi+KEwglFrS9ZC538xjzrpTzhZk5hkzc8rrdv2t1KKJ
IEXJlPucFhNNgHurABIc0M0gCkEQlyIK/1UiVGt/smXWKaofEHER2ZT+ytByuDv+
tEY3NRLDd652MEEYumveMP4KapzcglYnETUzg9bBSNAkGc8J9OILYWIDbuIfy5r7
+pGqH0upNYl7lkgw48wjle6pYeyuiF1eKqwoXMnjTtrYR5KDla/ssRmBCeX1pl3a
Z7QkwGvl8ORxTRIgtgGeUG0MktrmmSV+GAZZOKc9lwyODrflCcQKzU2aRNbXclBH
w3JyiQRPYLWGCmxSFdFYivxKXgH99I0biZd1RM5q6ks9KMD07JkuhWfkRi5uc+B7
JdQaSe5pvRBvnz5ge1oDHe0gMSHftyNVqSYwKN9XbPL8d1lprjmYrDJXkuAYV/mY
jz0XMT3jg3PH1gexq8i39UXcO1xM7aI/R8dm3lmobPIgstx458bTVYiXUegc8wuh
jSuWiAbolf11Iybg3SSsmmWtJedCqKUTU7UMpo65A2G3OedbHaWE9FT4qMdCA0oO
QvdkHvjUxTa+fBXaI7K0
=8RQp
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to