Accepted spip 3.1.4-4~deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 10 Jun 2018 16:49:16 -1000
Source: spip
Binary: spip
Architecture: source
Version: 3.1.4-4~deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: David Prévot <taffit@debian.org>
Changed-By: David Prévot <taffit@debian.org>
Description:
spip - website engine for publishing
Closes: 879954 899895
Changes:
spip (3.1.4-4~deb9u1) stretch-security; urgency=medium
.
  * Upload previous fixes to stretch
.
spip (3.1.4-4) unstable; urgency=medium
.
  * Update security screen to 1.3.6
  * Backport security fixes from 3.1.7
    - Do not disclose PHP version in headers
    - Secure inserted URL in anchors
    - Secure URLs sent by self()
    - Escape charset in error message
    - Allow filter mode to be passed in interdire_scripts()
    - No onclick nor JS popup in footer
    - Fix missing escapes
    - Secure _T() and _L() arguments
    - Provide a sanitize option for _T() and _L()
    - Deactivate sanitization when calling _T() in affdate_debut_fin() that
      uses secured data
    - Cross-site scripting (XSS) vulnerability [CVE-2017-15736]
      (Closes: #879954)
    - [Privacy] add rel attribute (noopener noreferrer) in private footer
  * Backport security fix from 3.1.8
    - PHP injection via XML file
  * Drop dead list from Maintainer (and Romain from Uploaders) (Closes: #899895)
  * Move project repository to salsa.d.o
Checksums-Sha1:
bb22b2633453d4bb8e91cb13bbb652f44415c50d 1480 spip_3.1.4-4~deb9u1.dsc
5c11a4ba509364298fda7e5e6838c7caead8d091 5848656 spip_3.1.4.orig.tar.xz
85fd2d0dac340e8b9feedac3c53036fb05600462 88460 spip_3.1.4-4~deb9u1.debian.tar.xz
Checksums-Sha256:
8633d5beffa305fdf4a20f20df767cb8fb2d587454be81cb92636a6102249c22 1480 spip_3.1.4-4~deb9u1.dsc
884778eca338242da714641727b9acaa8ec10a5aefeefc1dbe1d38ad379d8318 5848656 spip_3.1.4.orig.tar.xz
d45d7a71803f7a5b179b520ddb3e169246b2864b030c811472345652f07575c1 88460 spip_3.1.4-4~deb9u1.debian.tar.xz
Files:
a6fc51716e258056fd9c36d25d3303b2 1480 web extra spip_3.1.4-4~deb9u1.dsc
773ba92d20896200e8301361cbc814f6 5848656 web extra spip_3.1.4.orig.tar.xz
d2928a3072640d2d63c5ac10b73c3569 88460 web extra spip_3.1.4-4~deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----