Format: 1.8
Date: Wed, 02 Nov 2016 21:51:10 +0100
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.17-1+deb7u6
Distribution: wheezy-security
Urgency: high
Maintainer: SPIP packaging team <spip-maintainers@lists.alioth.debian.org>
Changed-By: Jonas Meurer <mejo@debian.org>
Description:
 spip - website engine for publishing
Changes:
 spip (2.1.17-1+deb7u6) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Backport several security fixes, mostly sanitizing request parameters
     for exec=validate_xml action. The patches fix vulnerabilities described
     in:
     - CVE-2016-7980: cross-site request forgery (CSRF)
     - CVE-2016-7981: reflected cross-site scripting (XSS)
     - CVE-2016-7982: file enumeration/path traversal
     - CVE-2016-7998: template compiler/composer PHP code execution
     - CVE-2016-7999: server side request forgery