Back to spip PTS page

Accepted spip 3.1.4-4 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted spip 3.1.4-4 (source) into unstable
From: David Prévot <taffit@debian.org>
Date: Mon, 11 Jun 2018 04:05:04 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1fSE4m-000CUa-6S@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 10 Jun 2018 14:57:12 -1000
Source: spip
Binary: spip
Architecture: source
Version: 3.1.4-4
Distribution: unstable
Urgency: medium
Maintainer: David Prévot <taffit@debian.org>
Changed-By: David Prévot <taffit@debian.org>
Description:
 spip       - website engine for publishing
Closes: 879954 899895
Changes:
 spip (3.1.4-4) unstable; urgency=medium
 .
   * Update security screen to 1.3.6
   * Backport security fixes from 3.1.7
     - Do not disclose PHP version in headers
     - Secure inserted URL in anchors
     - Secure URLs sent by self()
     - Escape charset in error message
     - Allow filter mode to be passed in interdire_scripts()
     - No onclick nor JS popup in footer
     - Fix missing escapes
     - Secure _T() and _L() arguments
     - Provide a sanitize option for _T() and _L()
     - Deactivate sanitization when calling _T() in affdate_debut_fin() that
       uses secured data
     - Cross-site scripting (XSS) vulnerability [CVE-2017-15736]
       (Closes: #879954)
     - [Privacy] add rel attribute (noopener noreferrer) in private footer
   * Backport security fix from 3.1.8
     - PHP injection via XML file
   * Drop dead list from Maintainer (and Romain from Uploaders) (Closes: #899895)
   * Move project repository to salsa.d.o
Checksums-Sha1:
 e8476560faafff2f6e8a7a98621137256169443a 1452 spip_3.1.4-4.dsc
 ac7dbf7550dab269d1c7b0f48f3bb255aebdce81 88484 spip_3.1.4-4.debian.tar.xz
Checksums-Sha256:
 984cfbecc3ca82667e8c8dbbbabd78b4275a3a606e40408bf8116b25bc34c2ac 1452 spip_3.1.4-4.dsc
 aa4de988ca7a0e217514b5e5778320c4868d6b2124d6caafb409d7bc1e00de60 88484 spip_3.1.4-4.debian.tar.xz
Files:
 cb5f2ae320b34ecd759bdfd17e8f792f 1452 web extra spip_3.1.4-4.dsc
 ab0971c9c6da84b585b409b13e88b7dd 88484 web extra spip_3.1.4-4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAlsd4gQACgkQBYwc+UT2
vTwyIgf/VOIdJWalCFB35b9OrS8HzTBc4kFmkJjKCEotlIHswDo2ZjE6YmUSEFoK
iXn1P58BKhrfVPO9scI3QrmHB9EUZmNdaVcguYmHDQ7gRxlmEmqGHzj63tgkmEYo
qSgngIb2cfZ3dHU14LeUQh9Jeo8Bj2wdv+0X6oSoZaNvkR9eJdcOLZB4f+z9UTKE
NskSWirz1k25EOi/VINGFlwQPZ14gvaI6kb63VmNHq1SOAUvhgsaiHw1icpY6dje
gFsTbWlRP9LQi/V3Xt7Oa/fEvphmqvPY6RXxnWAeBvBtj0IcFm2BiaGAx2RibBK9
I8kQLgTv8xL4gPiERs47a+Oa5lC3dA==
=SdgD
-----END PGP SIGNATURE-----