-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 08 Dec 2016 21:09:59 +0100 Source: spip Binary: spip Architecture: source all Version: 2.1.17-1+deb7u7 Distribution: wheezy-security Urgency: high Maintainer: SPIP packaging team <spip-maintainers@lists.alioth.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: spip - website engine for publishing Closes: 847156 Changes: spip (2.1.17-1+deb7u7) wheezy-security; urgency=high . * CVE-2016-9152: Fix cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php which allowed remote attackers to inject arbitrary web script or HTML via the "rac" parameter. (Closes: #847156) Checksums-Sha1: 389c176249b13e590c17ea1148903f55cd894725 1922 spip_2.1.17-1+deb7u7.dsc 1ffa6bd54ef948a46013eac44abfe83de6407a8b 3943630 spip_2.1.17.orig.tar.gz f2eb1db924b987b4b697d0d45f82ad2b2f2d61c6 71985 spip_2.1.17-1+deb7u7.debian.tar.gz 20b60d6e7a354e5a293e2e90f494a88d665bf6f5 3883932 spip_2.1.17-1+deb7u7_all.deb Checksums-Sha256: c07085db77c6283d1bf35f2e14fcbed3e40f7d77df65f6c55e1a00f22eda8b49 1922 spip_2.1.17-1+deb7u7.dsc 85561b476df35597944eff9d6cab02ed04014c61a06737f67c6b8233e45e257b 3943630 spip_2.1.17.orig.tar.gz 723bdd61394bcc95ec8d93cb94ea5ff83777121b946d41faf3ba8ea4e4551e64 71985 spip_2.1.17-1+deb7u7.debian.tar.gz d67aff0381b0e2e435a5b04ec455829c9444071a4be64522fe8705163d65f33c 3883932 spip_2.1.17-1+deb7u7_all.deb Files: 3a6af3f5d8d8634d76fc132b4156c2b3 1922 web extra spip_2.1.17-1+deb7u7.dsc 1962bd0e543eabbddd60d045f8aab6ba 3943630 web extra spip_2.1.17.orig.tar.gz 4c7345fc97b6894991273a2ae80c75e7 71985 web extra spip_2.1.17-1+deb7u7.debian.tar.gz 05b4d94fb0f8076d62c0f71fac9d9625 3883932 web extra spip_2.1.17-1+deb7u7_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlhJvv4ACgkQHpU+J9Qx Hlj+cg/9H93W6fIlcLEx2KIADrGMzvH9v88HfDg9g1xub3twDIw4AdSPONlUBmJK dMngZagSV5edHYl3j/XqiiTtO9BNrU3Z6dd53U87JzcfUYB3t9QJCUMbH1S9fa+7 kN011P5FWXjeJbZjykZ/bZmg+P+aUbWKI5WY5sSqZiK/Wo6qcCuMfAAB3eV4S9Hc XsDRGUjmELwsHKcXrHdYwx6jCY9wSzlPj1sjPoKainS4NUe86jSX8YXqWxTnlX7q HRClgsWswhK/Zbgz52+gL/BQF4u0pfaIsosI917/eATJj0l/ciFnM0ve6MdYG1bR gR9uezVDQmA20IoHv9NP/cpUCf1rihFglsnf1Kovm7v3JQyFBdmwSmJDZI6f+5H9 rmnBR4orRDitiYsR/tDfQoIG9hXhU2Tg0T+xM8oeDAbKETY5TtTNVc00a9At5m5K 2tEtNN8/tU68tcde3KNuij7/iQkGUvsij3ZWGZChngLx+NrhFvymmCt/OSBaxsMU bRs+w07S2HmMeQbqCOoC2dhsS1auPbDUPKyJu/KeeFgVCDEEpHdltuEtyaGK7GGz rHuhAVYhxS+RwRY9rd0EQvzJ2J40hIOQ8NwoaTCsx60WeOhVt/l/PyrA/fJow6CV ka4Vah5hxXqfNSzY80Aul0/HOifWhhzjGvXz+SjfggP8SoxNrG4= =TP4C -----END PGP SIGNATURE-----