Debian Package Tracker

From: Thorsten Alteholz <debian@alteholz.de>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted spip 3.0.17-2+deb8u5 (source all) into oldoldstable
Date: Mon, 28 Oct 2019 18:50:14 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 28 Oct 2019 19:03:02 +0200
Source: spip
Binary: spip
Architecture: source all
Version: 3.0.17-2+deb8u5
Distribution: jessie-security
Urgency: medium
Maintainer: SPIP packaging team <spip-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 spip       - website engine for publishing
Changes:
 spip (3.0.17-2+deb8u5) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-16391
     Fix for allowing unidentified visitor to modify any published
     content and execute other modifications in database.
   * CVE-2019-16392
     better error message sanitization on login page
   * CVE-2019-16393
     better sanitization on redirections
   * CVE-2019-16394
     don’t disclose if user exists when resetting password
Checksums-Sha1:
 3c69a169ee5eff3e3f44bbd33ee731f4f49c32ca 2114 spip_3.0.17-2+deb8u5.dsc
 60c61ec9ef0461be95767c9428df8f3f936445df 5176532 spip_3.0.17.orig.tar.xz
 ec90b76e5d01b5795aa5218c271b1be608ac8133 92004 spip_3.0.17-2+deb8u5.debian.tar.xz
 f1759cf58eccd6e91c032808e109dc84bcb4f78f 4827734 spip_3.0.17-2+deb8u5_all.deb
Checksums-Sha256:
 c24207679b0833918212be852092eed352b083444f6a9f74e277b3722e22205a 2114 spip_3.0.17-2+deb8u5.dsc
 10df1ae6310cb8a7319a5135c38fdd85fa1f48d6edc754618b306a55f41c7b02 5176532 spip_3.0.17.orig.tar.xz
 6fa9b54dce0d409c9b82e27848f12eed7ade81162e75b5998e556f4ba4ea7a8d 92004 spip_3.0.17-2+deb8u5.debian.tar.xz
 b5476cb4b489190d3a94b45769c59759c5707d9ab19caff75cbda67a60cf78e6 4827734 spip_3.0.17-2+deb8u5_all.deb
Files:
 fd7c50de07fa27237b0ebc827b9f9305 2114 web extra spip_3.0.17-2+deb8u5.dsc
 e40614daf023470c8af02f4358b052c4 5176532 web extra spip_3.0.17.orig.tar.xz
 0bb05ec56f3efaa67bdb158577ab1ca5 92004 web extra spip_3.0.17-2+deb8u5.debian.tar.xz
 ca395bcab7a79fcb14bbb7b42f42e9b5 4827734 web extra spip_3.0.17-2+deb8u5_all.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl23NfRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR40pEAC5fRL45QjIde5Emnokv4sOz7QEqzGC
Zl6ldkWae4XkjiEtRXTSZ5YxnxPH8OKjjgGDsXqCuvEMtofUBWYEg0EirYE+77HI
5k0X/ytdOkrvhdwxOETDborfz+o7MCshz7JnJSa9DZrfqVOI55MpUptCqcT9lemn
oUdGVkdsG+yH1q6sP4nQIsCFdSoYa3hmc+QysnNcOh5AZ1Vh5higRFJUECJcQfOh
pWEPU30MC7s1j/joLIJYN9fAZGWyZ7u5FYl16PeB/LxT0L/ydYPcuEOiJ7dhCMyn
fnXUDPBNdxr5Uo6M5vpuVSE5E/UzM/9Q0Y+ZlMmh1JJ46YBV14dUFo/0MaWCX2ic
qE4axfCoqklb7L2+xu5jqa70/syrT+8dAnPDIXkvAKZcTUFuH8AilNBpMyRtyWg9
qa773GDkFaMDvalU9ToEn87KMbbs9TIEDzI2f4cUzGLt14YU6UhEGxyIBMsV8/7m
hcPaKAqlX/RkD8MiZz69xr1IuQcsBMLx3gkNrAGMbwKL5xYD4N2a4wk5NVBQfeWn
l+7CpwL8r29ZOqc5BYmYvfzGkPChkiuQGJuXwstdMYt+JGtxcTYAzCQdHIwOiMLZ
YXjr4G8MmMnUXuCTPv5PEBF5EvWJHPav/pSXy0qUNW8SkaFfTAPU9tF5wYurh3zs
mYJxFg7KBaGOMw==
=d3v8
-----END PGP SIGNATURE-----
News for package spip
