Debian Bug report logs - #671264
[CVE-2012-2151] spip: multiple XSS
Reported by: Luciano Bello <luciano@debian.org>
Date: Wed, 2 May 2012 20:09:01 UTC
Severity: grave
Tags: security, upstream
Merged with 670110
Found in versions spip/2.1.1-3squeeze2, spip/2.1.12-1
Fixed in versions spip/2.1.1-3squeeze3, spip/2.1.13-1
Done: David Prévot <taffit@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, SPIP packaging team <spip-maintainers@lists.alioth.debian.org>: Bug#671264; Package spip. (Wed, 02 May 2012 20:09:04 GMT)
Acknowledgement sent to Luciano Bello <luciano@debian.org>: New Bug report received and forwarded. Copy sent to SPIP packaging team <spip-maintainers@lists.alioth.debian.org>. (Wed, 02 May 2012 20:09:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: spip
Severity: grave
Tags: security
The following vulnerability has been reported against spip:
http://www.openwall.com/lists/oss-security/2012/05/01/4
Please use CVE-2012-2151 for this issue.
Cheers,
luciano
Information forwarded to debian-bugs-dist@lists.debian.org, SPIP packaging team <spip-maintainers@lists.alioth.debian.org>: Bug#671264; Package spip. (Thu, 03 May 2012 00:03:03 GMT)
Acknowledgement sent to David Prévot <david@tilapin.org>: Extra info received and forwarded to list. Copy sent to SPIP packaging team <spip-maintainers@lists.alioth.debian.org>. (Thu, 03 May 2012 00:03:03 GMT)
Message #10 received at 671264@bugs.debian.org:
forcemerge 670110 671264
thanks
Hi Luciano
On 02/05/2012 15:57, Luciano Bello wrote:
> The following vulnerability has been reported against spip:
> http://www.openwall.com/lists/oss-security/2012/05/01/4
>
> Please use CVE-2012-2151 for this issue.
Thanks, this has already been fixed by DSA-2461-1 in 2.1.1-3squeeze3
(and 2.1.13-1 in Sid), but we were not aware of a CVE at that time.
Can the CVE information be added to the security tracker?
Regards
David
Marked Bug as done. Request was from David Prévot <david@tilapin.org> to control@bugs.debian.org. (Thu, 03 May 2012 00:03:05 GMT)
Notification sent to Luciano Bello <luciano@debian.org>: Bug acknowledged by developer. (Thu, 03 May 2012 00:03:06 GMT)
Marked as fixed in versions spip/2.1.1-3squeeze3 and spip/2.1.13-1. Request was from David Prévot <david@tilapin.org> to control@bugs.debian.org. (Thu, 03 May 2012 00:03:06 GMT)
Marked as found in versions spip/2.1.1-3squeeze2 and spip/2.1.12-1. Request was from David Prévot <david@tilapin.org> to control@bugs.debian.org. (Thu, 03 May 2012 00:03:06 GMT)
Added tag(s) upstream. Request was from David Prévot <david@tilapin.org> to control@bugs.debian.org. (Thu, 03 May 2012 00:03:07 GMT)
Merged 670110 671264. Request was from David Prévot <david@tilapin.org> to control@bugs.debian.org. (Thu, 03 May 2012 00:03:08 GMT)
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 31 May 2012 07:34:21 GMT)
Last modified: Wed Jun 19 14:08:03 2019; Machine Name: buxtehude