Your message dated Mon, 27 May 2013 19:32:28 +0000
with message-id <[email protected]>
and subject line Bug#709674: fixed in spip 2.1.1-3squeeze6
has caused the Debian Bug report #709674,
regarding Privilege escalation fixed in new upstream releases
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
709674: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=709674
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: spip
Version: 3.0.8-1
Severity: critical
Tags: security
Control: found -1 2.1.21-1
Control: found -1 2.1.17-1
Control: found -1 2.1.1-3squeeze5
Hi,
Upstream just released a new version, fixing a privilege escalation,
allowing anyone to take control of the website.
I’m on my way to prepare the four needed packages (for squeeze, wheezy,
sid and experimental), and will open a ticket for the first two ASAP.
Regards
David
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: spip
Source-Version: 2.1.1-3squeeze6
We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated spip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 25 May 2013 09:25:46 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.1-3squeeze6
Distribution: squeeze-security
Urgency: high
Maintainer: SPIP packaging team <[email protected]>
Changed-By: David Prévot <[email protected]>
Description:
spip - website engine for publishing
Closes: 709674
Changes:
spip (2.1.1-3squeeze6) squeeze-security; urgency=high
.
* Update security screen to 1.1.7, prevent abusive inscription.
* Backport patch from 2.1.21:
- fix privilege escalation. Closes: #709674
* fix_XSS_in_variable_name.patch: Document bug number.
Checksums-Sha1:
a435dc261a72c19b84e3b35d0e12752c1c4468b2 1770 spip_2.1.1-3squeeze6.dsc
567bd6e03de8365d43dd883224ff1cf5dddf517c 24852 spip_2.1.1-3squeeze6.diff.gz
f6d7bfe11d8cd05953f0e3b0dc348cf8dc891960 3865226 spip_2.1.1-3squeeze6_all.deb
Checksums-Sha256:
b7688de0fcf51e3c1b40aca1248d2cd82299f7dc08222257d97d5630abf39aee 1770
spip_2.1.1-3squeeze6.dsc
61c1e0c7b0797a1f3ffbd3e78e6fe254c5adf108b38cc5060c93c5899bfe5918 24852
spip_2.1.1-3squeeze6.diff.gz
84c4d50cb87bbb30cbe23ab7be09bc6030adcc614a4dc6514b878649567662b4 3865226
spip_2.1.1-3squeeze6_all.deb
Files:
776649883aa476e76826dba6523ee411 1770 web extra spip_2.1.1-3squeeze6.dsc
2f94c250ad7a709a03e4ab736e7fff81 24852 web extra spip_2.1.1-3squeeze6.diff.gz
b61b620ffbe475112e5d8f6bdbeba635 3865226 web extra spip_2.1.1-3squeeze6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJRoL0+AAoJELgqIXr9/gnyZOwP/Ri81rTFDmQUEqWHAiTJ2mmF
3YJY01gfAKTTo85LZbaRo/3tuOKt0Ql/U+2hbs+TNL4HAGyjPoFY4SZUrK6MPy6f
BZpl/ENfJQsTJ2ySn+JzTZb1kW0qF2yFMpkwYnfRWCNxrGmkHsseOvzlHWlWzH/u
RzV50rQIRAmCz34p+mBHA+9AVujxZkvVrDb/GlOsFDfXe6mYR+lR0ZCDdXjEbPff
xlc7fRa5NwAKremu2xO0e7kBiKLh3xvH6eMcrpjdx+PaodeZzKFLyDIJ+VzL0lGk
dFzw0nLHjG586gejXTG9WiPF3PLlr8FV4b5WjiMkxNpj0IV4bKKG2+F5eatTS5la
BVE2Z8cv/36qgOa1yGFJD9tRmz30l92y02hkZIsvvwhFr2Miai5dKLcqQywYngEt
asnQuPs7y75xvJiNK/XYrqgGBVcUCTrewZl6o28O5dnt2elHZy/2WJp5PHDU/w6T
rl9sjUWQzPcTg5LvHM9qpcbf5iokYhzxoCsdgUe/Zz2S4aDPn5pWB7yMuufmBB1e
T5PFp8+6fJIeizckGQFuqbw/yEWV+zOs0gTzjjaUHVMQOAAP0AykGK/WjJskNVRT
gzse3GpQXF/+29W/oBIxn2cjXoD2jaUwEKnS3UPBnyFS/nUGfR9VhknM7R2VlHu9
SU/fhlEfcCQe+kS0yzHh
=7mG2
-----END PGP SIGNATURE-----
--- End Message ---
