[Spip-maintainers] spip_2.1.1-3squeeze4_amd64.changes ACCEPTED into proposed-updates

Sun Jul 29 18:02:08 UTC 2012

Notes:
Mapping stable to proposed-updates.

Accepted:
spip_2.1.1-3squeeze4.diff.gz
  to main/s/spip/spip_2.1.1-3squeeze4.diff.gz
spip_2.1.1-3squeeze4.dsc
  to main/s/spip/spip_2.1.1-3squeeze4.dsc
spip_2.1.1-3squeeze4_all.deb
  to main/s/spip/spip_2.1.1-3squeeze4_all.deb

Changes:
spip (2.1.1-3squeeze4) stable; urgency=low
 .
  * Updated security screen to 1.1.3. Prevent cross site scripting on referer
    (addresses missing bits of [CVE-2012-2151]), cross site scripting and PHP
    injections in internal functions. Closes: #680118
  * Backport patch from 2.1.14:
    - fix XSS on password. Closes: #672961
  * Backport patch from 2.1.15:
    - fix XSS injection in variable name. Closes: #677290

Override entries for your package:
spip_2.1.1-3squeeze4.dsc - source web
spip_2.1.1-3squeeze4_all.deb - extra web

Announcing to debian-changes at lists.debian.org
Closing bugs: 672961 677290 680118 

Thank you for your contribution to Debian.