-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 10 Jun 2018 19:15:29 -1000 Source: spip Binary: spip Architecture: source all Version: 3.0.17-2+deb8u4 Distribution: jessie-security Urgency: medium Maintainer: SPIP packaging team <spip-maintainers@lists.alioth.debian.org> Changed-By: David Prévot <taffit@debian.org> Description: spip - website engine for publishing Changes: spip (3.0.17-2+deb8u4) jessie-security; urgency=medium . * Update security screen to 1.3.6 * Backport security fixes from 3.0.27 - Secure inserted URL in anchors - Secure URLs sent by self() - Escape charset in error message - Allow filter mode to be passed in interdire_scripts() - No onclick nor JS popup in footer - [Privacy] add rel attribute (noopener noreferrer) in private footer - PHP injection via XML file Checksums-Sha1: 5b401f44faf9bdd250f2d46282f5277cf7962b46 1610 spip_3.0.17-2+deb8u4.dsc a5b21423280e0c092db44da9958a8ea1a13082fc 89760 spip_3.0.17-2+deb8u4.debian.tar.xz b1c75dcb4bd9230fa20314d82d19e05a537f45b1 4824480 spip_3.0.17-2+deb8u4_all.deb Checksums-Sha256: c07360d910fbc26b817cd110e8ba04b01be3a51c33cf4de7d2d6f37f5045a2e3 1610 spip_3.0.17-2+deb8u4.dsc e598a0aa679a8907e1cb9f18e77106f4bbd01e1292d2ba864f6d4d7988e4969a 89760 spip_3.0.17-2+deb8u4.debian.tar.xz 281fb6862bec599cce0bf94843aa42c090b2a98ca67b145eef101eeda826b7e4 4824480 spip_3.0.17-2+deb8u4_all.deb Files: d861c7352c81e4f93c54268ca64d2832 1610 web extra spip_3.0.17-2+deb8u4.dsc fedb1deb24f6bde38fa23e4d524bd8e0 89760 web extra spip_3.0.17-2+deb8u4.debian.tar.xz 2894f0129778323a56f5410d40e846ce 4824480 web extra spip_3.0.17-2+deb8u4_all.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAlsheykACgkQBYwc+UT2 vTzBNggAhiHEdWre/42cMXNtzceRWfH/tbx8gjHuHctWn5uHeXGIE6ae0qj34DFj mgkObBjY2ianyCAb/pydTdPDII+0TCFQTULr9s6FLbEfFMoCLrDpm2REPjS1NI6z pQWYV1A8RT1wubmeBGG+CeR+vRo4wPezUSTNn/vIwtV1hykfHwf9RIaVuYVoYWcy XJFb1TikF++Kkz6B+vEpNSoIa42NfjUCdtl+XPDFyexFWJmg+kfZUDX4CeCFgRoV L2sDwsI0q38NG9ECsqsW8r9z1lnCYD35n2Xld3PdghLYXqWrMj32RE7JcV2vtiQU RL8D7q1CzxJjD2iPtIFQ1hCclr9wlQ== =RyX1 -----END PGP SIGNATURE-----