[Spip-maintainers] Bug#680118: spip: PHP injection fixed in new 2.1.16 upstream release

David Prévot taffit at debian.org
Tue Jul 3 18:21:30 UTC 2012


Package: spip
Version: 2.1.1-3squeeze3
Severity: grave
Tags: security upstream

Upstream just released a new version, fixing a PHP injection
vulnerability.

The stable security update is ready [rt.debian.org #3837] and I'll
upload the package as soon as possible in:

http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze4.dsc
http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze4_all.deb


-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (150, 'testing'), (120, 'unstable'), (110, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spip depends on:
ii  apache2-mpm-prefork [h 2.2.16-6+squeeze7 Apache HTTP Server - traditional n
ii  debconf [debconf-2.0]  1.5.36.1          Debian configuration management sy
ii  libjs-jquery           1.4.2-2           JavaScript library for dynamic web
ii  php-html-safe          0.10.0-1          strip down all potentially dangero
ii  php5                   5.3.3-7+squeeze13 server-side, HTML-embedded scripti
ii  php5-mysql             5.3.3-7+squeeze13 MySQL module for php5

Versions of packages spip recommends:
ii  imagemagick         8:6.6.0.4-3+squeeze3 image manipulation programs
ii  mysql-server        5.1.63-0+squeeze1    MySQL database server (metapackage
ii  mysql-server-5.1 [m 5.1.63-0+squeeze1    MySQL database server binaries and

spip suggests no packages.

-- Configuration Files:
/etc/spip/apache.conf changed [not included]

-- debconf information excluded




