Debian Package Tracker

Date: Sun, 29 Jul 2012 18:02:08 +0000
From: David Prévot <taffit@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted spip 2.1.1-3squeeze4 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 28 Jul 2012 15:54:52 -0400
Source: spip
Binary: spip
Architecture: source all
Version: 2.1.1-3squeeze4
Distribution: stable
Urgency: low
Maintainer: SPIP packaging team <spip-maintainers@lists.alioth.debian.org>
Changed-By: David Prévot <taffit@debian.org>
Description: 
 spip       - website engine for publishing
Closes: 672961 677290 680118
Changes: 
 spip (2.1.1-3squeeze4) stable; urgency=low
 .
   * Updated security screen to 1.1.3. Prevent cross site scripting on referer
     (addresses missing bits of [CVE-2012-2151]), cross site scripting and PHP
     injections in internal functions. Closes: #680118
   * Backport patch from 2.1.14:
     - fix XSS on password. Closes: #672961
   * Backport patch from 2.1.15:
     - fix XSS injection in variable name. Closes: #677290
Checksums-Sha1: 
 9e5f754d0dc4822f06262f8491f23d748440116f 1770 spip_2.1.1-3squeeze4.dsc
 f3eb62944eab419f85167956fcbcc0766376d26c 22669 spip_2.1.1-3squeeze4.diff.gz
 1a3c170dc26667c192deee95df2ae0951519a510 3864040 spip_2.1.1-3squeeze4_all.deb
Checksums-Sha256: 
 a00c7a7bfe751c1d36853b5948f365f9b75757226c62d5e83859c2070d79b711 1770 spip_2.1.1-3squeeze4.dsc
 ad592921f732f5aa48e6bdb0a8bb6b8110a03b26aa6a233268a443652d2ec4c0 22669 spip_2.1.1-3squeeze4.diff.gz
 41feb52e53643b905589d0faa0ef5da552bb6056e5eecd8d1197e58e8ee15a59 3864040 spip_2.1.1-3squeeze4_all.deb
Files: 
 5423d34d8bf7ec48ffc955207ab5559b 1770 web extra spip_2.1.1-3squeeze4.dsc
 643a60e5300649db2c43a673518db812 22669 web extra spip_2.1.1-3squeeze4.diff.gz
 07e6df4d0e7207d47dce999e6cb65766 3864040 web extra spip_2.1.1-3squeeze4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQFExMAAoJELgqIXr9/gny7DEQAL01EGe+2e19rb8wh6I7Kpil
pB5sFgJtvIRlFD/Hd68grrd5//09eMmwlmIZjlVYwbHF3splGlc+2vSyWxBwqjOp
HsnJrdWIhoaJ+mbgyrZCzjERHAwiNSEzgaT1Vb1bx6NUuUaTvgvb1s67IlEtFM+U
N3tGr+wXaNlrBesX5BDm5OBNv8WY1vatoJJBa5fI+NTqL2MQWNYwliTVW87j13Y9
AyECbB88tcHm0FiN7hU3ulN/5JCgpv5av9PKYRj5D9DdW4KOGgMMwmhsoehXpMHG
RLlAM/nrBqMyJygccQiqezkaqSuya2Tj0/rKXVlfv0YhYCpQjI7k/JF7rGd6LHRl
K+LHYOKvyYiz6LYqeSJapGdNYvYZ6y7AyM8Dz1/K1THUhqpOB9qUWXq0aabQ6VEr
CMHjs7JupnoCiZCSiby6XnBr4lxrA2Ax3k0qpgfq5FoS5dWU16kSeg9bs/c/a1CH
09R/qu0SS4zQ3SKYON/9hFUQIJDA/46zZ6HtMkVfV0e4MGREpIGZVGgXNhr4Y3H8
MKSxdW48lkvPqwIOB1iuYFdZGK/xgYT/FZxnSwLKjF89DnC3IcC1lR3MbRSzAl/8
A8u5Q4FzRRJjBOegtHjasCU3nm9V2R9DQc1L9ScHGqiaPmMzcBPfyGJC67iSSYp5
UFrjbLjqV5I7ThXD52BS
=qbSp
-----END PGP SIGNATURE-----
News for package spip
