Debian Bug report logs - #729172
Security update

Package: spip; Maintainer for spip is SPIP packaging team <spip-maintainers@lists.alioth.debian.org>; Source for spip is src:spip.

Reported by: David Prévot <taffit@debian.org>

Date: Sat, 9 Nov 2013 19:39:01 UTC

Severity: critical

Tags: security, upstream

Found in versions spip/3.0.11-1, spip/2.1.23-1, spip/2.1.1-3squeeze6, spip/2.1.17-1+deb7u1

Fixed in versions spip/2.1.24-1, spip/3.0.12-1, spip/2.1.17-1+deb7u2, spip/2.1.1-3squeeze7

Done: David Prévot <taffit@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, SPIP packaging team <spip-maintainers@lists.alioth.debian.org>:
Bug#729172; Package spip. (Sat, 09 Nov 2013 19:39:06 GMT)

Acknowledgement sent to David Prévot <taffit@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, SPIP packaging team <spip-maintainers@lists.alioth.debian.org>. (Sat, 09 Nov 2013 19:39:06 GMT)

Message #5 received at submit@bugs.debian.org:

From: David Prévot <taffit@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Security update
Date: Sat, 9 Nov 2013 15:35:38 -0400
Package: spip
Version: 3.0.11-1
Severity: critical
Tags: security upstream
Control: found -1 2.1.1-3squeeze6 
Control: found -1 2.1.17-1+deb7u1 
Control: found -1 2.1.23-1

Hi, the latest SPIP upstream update fixes various security issues. The
stable and oldstable security updates are currently being dealt with by
the security team in RT #4575, and pre-versions are made available on ravel:

	http://people.debian.org/~taffit/spip/

Regards

David

Marked as found in versions spip/2.1.1-3squeeze6. Request was from David Prévot <taffit@debian.org> to submit@bugs.debian.org. (Sat, 09 Nov 2013 19:39:06 GMT)

Marked as found in versions spip/2.1.17-1+deb7u1. Request was from David Prévot <taffit@debian.org> to submit@bugs.debian.org. (Sat, 09 Nov 2013 19:39:07 GMT)

Marked as found in versions spip/2.1.23-1. Request was from David Prévot <taffit@debian.org> to submit@bugs.debian.org. (Sat, 09 Nov 2013 19:39:08 GMT)

Added tag(s) pending. Request was from David Prévot <taffit@debian.org> to control@bugs.debian.org. (Sat, 09 Nov 2013 20:15:04 GMT)

Reply sent to David Prévot <taffit@debian.org>:
You have taken responsibility. (Sat, 09 Nov 2013 21:27:37 GMT)

Notification sent to David Prévot <taffit@debian.org>:
Bug acknowledged by developer. (Sat, 09 Nov 2013 21:27:37 GMT)

Message #18 received at 729172-close@bugs.debian.org:

From: David Prévot <taffit@debian.org>
To: 729172-close@bugs.debian.org
Subject: Bug#729172: fixed in spip 2.1.24-1
Date: Sat, 09 Nov 2013 21:27:26 +0000
Source: spip
Source-Version: 2.1.24-1

We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 729172@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <taffit@debian.org> (supplier of updated spip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 09 Nov 2013 15:44:50 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.24-1
Distribution: unstable
Urgency: high
Maintainer: SPIP packaging team <spip-maintainers@lists.alioth.debian.org>
Changed-By: David Prévot <taffit@debian.org>
Description: 
 spip       - website engine for publishing
Closes: 729172
Changes: 
 spip (2.1.24-1) unstable; urgency=high
 .
   * Imported Upstream version 2.1.24 (Closes: #729172)
   * Refresh patches
   * Update security screen to 1.1.8
   * Update mutualisation to 0.10
   * Update watch file to track the 2.1 branch

Reply sent to David Prévot <taffit@debian.org>:
You have taken responsibility. (Sat, 09 Nov 2013 21:30:10 GMT)

Notification sent to David Prévot <taffit@debian.org>:
Bug acknowledged by developer. (Sat, 09 Nov 2013 21:30:10 GMT)

Message #23 received at 729172-close@bugs.debian.org:

From: David Prévot <taffit@debian.org>
To: 729172-close@bugs.debian.org
Subject: Bug#729172: fixed in spip 3.0.12-1
Date: Sat, 09 Nov 2013 21:27:44 +0000
Source: spip
Source-Version: 3.0.12-1

We believe that the bug you reported is fixed in the latest version of
spip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 729172@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <taffit@debian.org> (supplier of updated spip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 09 Nov 2013 15:42:46 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 3.0.12-1
Distribution: experimental
Urgency: low
Maintainer: SPIP packaging team <spip-maintainers@lists.alioth.debian.org>
Changed-By: David Prévot <taffit@debian.org>
Description: 
 spip       - website engine for publishing
Closes: 729172
Changes: 
 spip (3.0.12-1) experimental; urgency=low
 .
   * Imported Upstream version 3.0.12 (Closes: #729172)
   * Use embedded jQuery ColorBox outdated version:
     The current code actually depends on this version, and it doesn’t work
     well with the version from the Debian package
   * Recommend php5-sqlite, needed for DB export
   * Handle patch set with gbp pq
   * Update mutualisation’s translations
   * Bump standards version to 3.9.5
   * Use uglifyjs instead of yui-compressor
   * Remove now useless README.source

Marked as fixed in versions spip/2.1.1-3squeeze7. Request was from David Prévot <taffit@debian.org> to control@bugs.debian.org. (Tue, 24 Dec 2013 13:27:11 GMT)

Marked as fixed in versions spip/2.1.17-1+deb7u2. Request was from David Prévot <taffit@debian.org> to control@bugs.debian.org. (Tue, 24 Dec 2013 13:27:12 GMT)

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 22 Jan 2014 07:31:25 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 06:47:22 2014; Machine Name: beach.debian.org