[Spip-maintainers] Debian RT SPIP update, closes: #709674
David Prévot
taffit at debian.org
Fri May 24 23:32:10 UTC 2013
Hi security team,
I've just prepared the squeeze security update for spip [1], as
announced in #709674. I’ll update this ticket as soon as the Wheezy
package is also ready and tested (the debdiff should be pretty similar).
The sid and experimental versions should also be uploaded in the coming
hours.
1: http://people.debian.org/~taffit/spip/spip_2.1.1-3squeeze6.dsc
The following could be used for the DSA:
----------------%<--------------------------------%<----------------
Package : spip
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : not available yet
A privilege escalation has been found in SPIP, a website engine for
publishing, which allows anyone to take control of the website.
For the oldstable distribution (squeeze), this problem has been fixed in
version 2.1.1-3squeeze6.
For the stable distribution (wheezy), this problem has been fixed in
version 2.1.17-1+deb7u1.
For the unstable distribution (sid), this problem has been fixed in
version 2.1.22-1.
For the experimental distribution, this problem has been fixed in
version 3.0.9-1.
---------------->%-------------------------------->%----------------
Regards
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: spip_squeeze.patch
Type: text/x-diff
Size: 4532 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/spip-maintainers/attachments/20130524/20505b28/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/spip-maintainers/attachments/20130524/20505b28/attachment.pgp>
More information about the Spip-maintainers
mailing list