-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 16 Sep 2019 12:02:26 -1000 Source: spip Binary: spip Architecture: source Version: 3.1.4-4~deb9u3 Distribution: stretch-security Urgency: medium Maintainer: David Prévot <taffit@debian.org> Changed-By: David Prévot <taffit@debian.org> Description: spip - website engine for publishing Changes: spip (3.1.4-4~deb9u3) stretch-security; urgency=medium . * Backport security fixes from 3.1.11 - Critical security fix, allowing unidentified visitor to modify any published content and execute other modifications in database [CVE-2019-16391] - Other security fixes: + better sanitization on redirections [CVE-2019-16393] + don’t disclose if user exists when resetting password [CVE-2019-16394] + better error message sanitization on login page [CVE-2019-16392] - Update security screen to 1.3.12 * Add CVE ID to previous changelog entry Checksums-Sha1: c99c3cbd0f0285eb92f1e4803f8f57633536bdcb 1504 spip_3.1.4-4~deb9u3.dsc 735c9af9b6ca1d61659e6bba4e687c366a5f3a73 93460 spip_3.1.4-4~deb9u3.debian.tar.xz b8dcb59ad797b806edd24de15356d6b6ac5e4d3a 7955 spip_3.1.4-4~deb9u3_amd64.buildinfo Checksums-Sha256: 1cdcaec95ff65787c23d1305d6107ff93859c2993c116465d584f42d8b4588ec 1504 spip_3.1.4-4~deb9u3.dsc 1af344632730f4efda0d0b1e282aa98a22f7e37db044bcf7cc4bb07522eb920f 93460 spip_3.1.4-4~deb9u3.debian.tar.xz 4c0934932ae63fd6c6121966df1d550438f6c820ece848ef8546529e312f0a8d 7955 spip_3.1.4-4~deb9u3_amd64.buildinfo Files: 780cf636dc6399731015c99eba1d7cbd 1504 web extra spip_3.1.4-4~deb9u3.dsc 9ce867109b0e222e7857057e3087a511 93460 web extra spip_3.1.4-4~deb9u3.debian.tar.xz 3b82ef89e5dd3786d10626a654aa372a 7955 web extra spip_3.1.4-4~deb9u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAl2B5PkSHHRhZmZpdEBk ZWJpYW4ub3JnAAoJEAWMHPlE9r08bwcH/Ax+OZKGgeq/byEwenemEw2EBQXOUH+H N3zStzGZp8Us4CjB1XpQzU7825Y2AeLXoscyWM0oz11NymR2HgoXzvbzAuM48rC7 3WyIb2tMuAZjjyniruDvRiEs9dy7UiXUOnbr6NJXgAerXBFBgfs/Sj00DBW0rQz8 qm261DheLLHFW4v9SAdSCe+eoR2S6+l+z5ytrm8okvcctD4nr3mLCBI6BAwJK+aC En/qnyJEu0ezUy7S/JUNulM8BJYa/5YegfbMx9ZDHeBZpMSYLSVx9zIxgdnow+F2 46HpgFswIBTQiFkIWbLFi4vlAAH6cJug3htw5Qr/XBxk4aAbCV4SKwQ= =L+aP -----END PGP SIGNATURE-----