-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 10 Jun 2018 14:57:12 -1000 Source: spip Binary: spip Architecture: source Version: 3.1.4-4 Distribution: unstable Urgency: medium Maintainer: David Prévot <taffit@debian.org> Changed-By: David Prévot <taffit@debian.org> Description: spip - website engine for publishing Closes: 879954 899895 Changes: spip (3.1.4-4) unstable; urgency=medium . * Update security screen to 1.3.6 * Backport security fixes from 3.1.7 - Do not disclose PHP version in headers - Secure inserted URL in anchors - Secure URLs sent by self() - Escape charset in error message - Allow filter mode to be passed in interdire_scripts() - No onclick nor JS popup in footer - Fix missing escapes - Secure _T() and _L() arguments - Provide a sanitize option for _T() and _L() - Deactivate sanitization when calling _T() in affdate_debut_fin() that uses secured data - Cross-site scripting (XSS) vulnerability [CVE-2017-15736] (Closes: #879954) - [Privacy] add rel attribute (noopener noreferrer) in private footer * Backport security fix from 3.1.8 - PHP injection via XML file * Drop dead list from Maintainer (and Romain from Uploaders) (Closes: #899895) * Move project repository to salsa.d.o Checksums-Sha1: e8476560faafff2f6e8a7a98621137256169443a 1452 spip_3.1.4-4.dsc ac7dbf7550dab269d1c7b0f48f3bb255aebdce81 88484 spip_3.1.4-4.debian.tar.xz Checksums-Sha256: 984cfbecc3ca82667e8c8dbbbabd78b4275a3a606e40408bf8116b25bc34c2ac 1452 spip_3.1.4-4.dsc aa4de988ca7a0e217514b5e5778320c4868d6b2124d6caafb409d7bc1e00de60 88484 spip_3.1.4-4.debian.tar.xz Files: cb5f2ae320b34ecd759bdfd17e8f792f 1452 web extra spip_3.1.4-4.dsc ab0971c9c6da84b585b409b13e88b7dd 88484 web extra spip_3.1.4-4.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAlsd4gQACgkQBYwc+UT2 vTwyIgf/VOIdJWalCFB35b9OrS8HzTBc4kFmkJjKCEotlIHswDo2ZjE6YmUSEFoK iXn1P58BKhrfVPO9scI3QrmHB9EUZmNdaVcguYmHDQ7gRxlmEmqGHzj63tgkmEYo qSgngIb2cfZ3dHU14LeUQh9Jeo8Bj2wdv+0X6oSoZaNvkR9eJdcOLZB4f+z9UTKE NskSWirz1k25EOi/VINGFlwQPZ14gvaI6kb63VmNHq1SOAUvhgsaiHw1icpY6dje gFsTbWlRP9LQi/V3Xt7Oa/fEvphmqvPY6RXxnWAeBvBtj0IcFm2BiaGAx2RibBK9 I8kQLgTv8xL4gPiERs47a+Oa5lC3dA== =SdgD -----END PGP SIGNATURE-----