Change log for spip package in Debian
1 → 75 of 148 results
Published in experimental-release |
spip (4.3.0~alpha.2+dfsg-1) experimental; urgency=medium [ Cerdic ] * feat: an `attribut_url()` function to format a URL that is to be used in an HTML attribute * fix: use the attribut_url() function to insert a URL into an HTML link [ Matthieu Marcillaud ] * build: bump security screen to version 1.16.0 * build: version 4.3.0-alpha2 [ RastaPopoulos ] * fix: override the `propre()` function so that it can be applied without error in templates -- David Prévot <email address hidden> Fri, 31 May 2024 08:08:12 +0200
Published in sid-release |
spip (4.2.13+dfsg-1) unstable; urgency=medium [ Cerdic ] * fix: avoid a preg on long strings when not necessary (perf issue) * feat: an `attribut_url()` function to format a URL that is to be used in an HTML attribute * fix: use the attribut_url() function to insert a URL into an HTML link [ Matthieu Marcillaud ] * build: bump security screen to version 1.16.0 * build: version 4.2.13 [ b_b ] * fix: restore the ability to hide certain fields of the editer_article & editer_rubrique forms from the `formulaire_charger` pipeline [ David Prévot ] * Track version 4.2 for now -- David Prévot <email address hidden> Fri, 31 May 2024 07:45:50 +0200
Available diffs
- diff from 4.2.12+dfsg-1 to 4.2.13+dfsg-1 (22.1 KiB)
Superseded in experimental-release |
spip (4.3.0~alpha+dfsg-1) experimental; urgency=medium * Upload alpha to experimental [ Matthieu Marcillaud ] * build: version 4.3.0-alpha [ David Prévot ] * Update copyright -- David Prévot <email address hidden> Thu, 09 May 2024 19:20:58 +0200
Superseded in sid-release |
spip (4.2.12+dfsg-1) unstable; urgency=medium [ jluc ] * fix: In `email_valide`, avoid a regexp if there is nothing to test [ Matthieu Marcillaud ] * build: version 4.2.12 [ Cerdic ] * fix: do not interrupt the authorization computation chain when autoriser() is called with an id_auteur=0 or a nonexistent one * fix: do not trigger a fatal error when trying to secure an action that was called with neither arg nor hash [ nicod_ ] * fix: A single, more reliable query to test email uniqueness * fix: Put #debug-nav above #spip-debug [ JamesRezo ] * feat: deprecation of formulaire_recherche() [ b_b ] * fix: avoid overflow of the explanation content in private-area forms * fix: when generating a new password for an author, do not send an email if SPIP could not change it * fix: remove the DOCTYPE and comments from SVGs in the `balise_svg` filter [ touti ] * fix: prevent identifiers from ending up on two lines -- David Prévot <email address hidden> Wed, 08 May 2024 09:33:54 +0200
Available diffs
- diff from 4.2.11+dfsg-1 to 4.2.12+dfsg-1 (152.1 KiB)
Superseded in sid-release |
spip (4.2.11+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * build: Version SPIP 4.2.11 [ JamesRezo ] * feat: max PHP 8.3 [ David Prévot ] * debian/rules: Fix get-orig-source * debian/control: Update Standards-Version to 4.7.0 -- David Prévot <email address hidden> Wed, 10 Apr 2024 08:00:15 +0200
Available diffs
- diff from 4.2.9+dfsg-2 to 4.2.11+dfsg-1 (23.6 KiB)
Superseded in sid-release |
spip (4.2.10+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * fix: Display of Minipres with unexpected content (PHP warnings for example) * build: Version SPIP 4.2.10 [ jluc ] * fix: Do not send email reminders for registration validation to authors without an email address [ Cerdic ] * fix: Avoid a memory leak in `generer_objet_info()`. [ nicod ] * fix: do not shrink icon width in horizontal mode [ David Prévot ] * Adapt get-orig-source to Gitlab hosting * Force system dependencies loading -- David Prévot <email address hidden> Sat, 09 Mar 2024 16:39:54 +0100
Superseded in sid-release |
spip (4.2.9+dfsg-2) unstable; urgency=medium * Upload compatible version with PHP 8.2 to unstable * Relax versioned dependency -- David Prévot <email address hidden> Mon, 04 Mar 2024 22:21:40 +0100
Available diffs
- diff from 4.1.15+dfsg-1 to 4.2.9+dfsg-2 (1.1 MiB)
Deleted in experimental-release (Reason: None provided.) |
spip (4.2.9+dfsg-1) experimental; urgency=medium [ JLuc ] * fix: `identifiant_slug()` can have an empty separator * fix: always log a template error [ Matthieu Marcillaud ] * fix: Avoid a fatal SQL error when optimizing links with editorial objects that are no longer declared * fix: Tolerate a zero when parsing certain criteria `{critere 0,5}` * build: Version SPIP 4.2.9 [ Cerdic ] * fix: do not forget to declare generic tags as 'balise_calculee' to avoid their escaping in (DATA) loops -- David Prévot <email address hidden> Fri, 09 Feb 2024 10:10:08 +0100
Published in bullseye-release |
spip (3.2.11-3+deb11u10) bullseye; urgency=medium * Backport security fix from 4.1.13 - fix XSS when calling some templates -- David Prévot <email address hidden> Thu, 21 Dec 2023 19:27:21 +0100
Published in bookworm-release |
spip (4.1.9+dfsg-1+deb12u4) bookworm; urgency=medium * Backport security fix from 4.1.15 - fix XSS in uploaded files using bigup -- David Prévot <email address hidden> Fri, 12 Jan 2024 13:42:36 +0100
Superseded in sid-release |
spip (4.1.15+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * build: version 4.1.14 Fixes XSS in uploaded files using bigup -- David Prévot <email address hidden> Fri, 12 Jan 2024 12:20:29 +0100
Available diffs
- diff from 4.1.13+dfsg-1 to 4.1.15+dfsg-1 (2.0 KiB)
Superseded in experimental-release |
spip (4.2.8+dfsg-1) experimental; urgency=medium [ Matthieu Marcillaud ] * build: version 4.2.8 Fixes XSS in uploaded files using bigup -- David Prévot <email address hidden> Fri, 12 Jan 2024 13:25:02 +0100
Superseded in experimental-release |
spip (4.2.7+dfsg-1) experimental; urgency=medium [ nicod_ ] * fix: logo management buttons as btn_mini and delete as btn_secondaire [ Maïeul Rouquette ] * fix: when instituting, pass the object to the `pre_edition` and `post_editon` pipelines * fix(#5752): multi-step form: if everything went well, start over from scratch and not at the last step [ Matthieu Marcillaud ] * fix: Identical handling of the type parameter in `autoriser_exception` and `autoriser` * build: version 4.2.7 [ RealET ] * fix: a PHP warning with var_profile=1 [ placido ] * fix: execution error in the (twisted) case of a call on a missing image [ Cerdic ] * fix: if a fresh SPIP is installed on a database without the backup_cles field, a webmaster account cannot be created because its password cannot be initialized, the update query failing * fix(ux): do not have a 'cancel the job' button that looks like a 'close the notification' button + one class too many * fix: if reading a stream never triggers feof, rely on fread()===false + reduce the timeout to avoid degrading performance too much * fix: a longer name for remote image caches to avoid collisions, while renaming old caches on the fly to avoid duplicating caches * fix: when text goes through echapper_html_suspect() the context of the models must not be lost * fix: models inserted into a text automatically inherit the context, unbeknownst to the editors. Secure whatever would come from variables sent by the user [ tofulm ] * Fix: Avoid a fatal error in PHP 8.2 on `objet_inserer` and `article_inserer` [ David Prévot ] * Update mutualisation to 1.4.13 -- David Prévot <email address hidden> Thu, 21 Dec 2023 22:15:54 +0100
Superseded in sid-release |
spip (4.1.13+dfsg-1) unstable; urgency=medium [ Cerdic ] * fix: models inserted into a text automatically inherit the context, unbeknownst to the editors. Secure whatever would come from variables sent by the user [ Matthieu Marcillaud ] * build: version 4.1.13 [ David Prévot ] * Update mutualisation to 1.4.13 -- David Prévot <email address hidden> Thu, 21 Dec 2023 13:42:01 +0100
Available diffs
- diff from 4.1.12+dfsg-1 to 4.1.13+dfsg-1 (3.0 KiB)
Superseded in bullseye-release |
spip (3.2.11-3+deb11u9) bullseye; urgency=medium * Backport security fix from 4.1.11 - use an auth_desensibiliser_session() function to centralize extended authentication data filtering. -- David Prévot <email address hidden> Sat, 08 Jul 2023 20:38:26 +0200
Superseded in experimental-release |
spip (4.2.6+dfsg-1) experimental; urgency=medium [ Maïeul Rouquette ] * fix(5725): When a nonexistent model is called more than 10 times, do not block the calls that follow. [ RastaPopoulos ] * fix(5723): fix the recording of JPGs where it sometimes set jpeg instead of jpg and thus prevented them from being taken into account. [ Matthieu Marcillaud ] * fix: Avoid a Sodium error on migration to SPIP 4.2 if author tokens are present * build: Version SPIP 4.2.6 -- David Prévot <email address hidden> Fri, 06 Oct 2023 07:59:56 +0200
Superseded in sid-release |
spip (4.1.12+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * build: Version 4.1.12 [ David Prévot ] * Update mutualisation to 1.4.12 -- David Prévot <email address hidden> Thu, 07 Sep 2023 15:44:28 +0530
Available diffs
- diff from 4.1.11+dfsg-1 to 4.1.12+dfsg-1 (2.2 KiB)
Superseded in experimental-release |
spip (4.2.5+dfsg-1) experimental; urgency=medium [ Matthieu Marcillaud ] * build: Version SPIP 4.2.5 [ David Prévot ] * Update mutualisation to 1.4.12 -- David Prévot <email address hidden> Sun, 03 Sep 2023 23:38:05 +0530
Superseded in bookworm-release |
spip (4.1.9+dfsg-1+deb12u2) bookworm; urgency=medium * Backport security fix from 4.1.11 - use an auth_desensibiliser_session() function to centralize extended authentication data filtering. -- David Prévot <email address hidden> Sat, 08 Jul 2023 20:29:04 +0200
Superseded in sid-release |
spip (4.1.11+dfsg-1) unstable; urgency=medium [ Cerdic ] * security: Use a dedicated function to clean author data when preparing a session [ Matthieu Marcillaud ] * build: Version 4.1.11 -- David Prévot <email address hidden> Sat, 08 Jul 2023 20:16:37 +0200
Available diffs
- diff from 4.1.10+dfsg-1 to 4.1.11+dfsg-1 (3.9 KiB)
Superseded in experimental-release |
spip (4.2.4+dfsg-1) experimental; urgency=medium [ Cerdic ] * security: Use a dedicated function to clean author data when preparing a session [ Matthieu Marcillaud ] * build: Version 4.2.4 -- David Prévot <email address hidden> Sat, 08 Jul 2023 20:09:50 +0200
Superseded in sid-release |
spip (4.1.10+dfsg-1) unstable; urgency=medium [ Cerdic ] * security: limit the recursion depth of `protege_champ` * security: Improve c76770a by avoiding an `unserialize` in the security screen [ Matthieu Marcillaud ] * build: Version 4.1.10 * build: Bump security screen to 1.5.3 [ David Prévot ] * Add CVE to previous changelog entry * Update documented branch * Update mutualisation to 1.4.11 -- David Prévot <email address hidden> Fri, 09 Jun 2023 08:07:59 +0200
Available diffs
- diff from 4.1.9+dfsg-1 to 4.1.10+dfsg-1 (9.8 KiB)
Superseded in experimental-release |
spip (4.2.3+dfsg-1) experimental; urgency=medium [ Matthieu Marcillaud ] * build: Bump security screen to 1.5.3 * build: Version 4.2.3 [ David Prévot ] * Build-depend on php-symfony-deprecation-contracts -- David Prévot <email address hidden> Thu, 08 Jun 2023 08:07:56 +0200
Superseded in experimental-release |
spip (4.2.2+dfsg-1) experimental; urgency=medium * Upload to experimental during the freeze [ Matthieu Marcillaud ] * build: Version SPIP 4.2.2 [ David Prévot ] * Install upstream README * Update copyright * Update mutualisation to 1.4.11 * Update dependencies wrt composer.json * Build JavaScript Load Image from source * Provide homemade autoload.php [ Guilhem Moulin ] * Add d/salsa-ci.yml for Salsa CI. -- David Prévot <email address hidden> Thu, 25 May 2023 14:23:52 +0200
Superseded in bullseye-release |
spip (3.2.11-3+deb11u7) bullseye-security; urgency=medium * Backport security fixes from v3.2.18 - Fix remote code execution vulnerability in forms [CVE-2023-27372] - Bump security screen to 1.5.0 * Backport regression fix from v3.2.19 - Fix plugins dependencies activation -- David Prévot <email address hidden> Tue, 28 Feb 2023 22:51:50 +0100
spip (4.1.9+dfsg-1) unstable; urgency=medium [ Cerdic ] * fix: avoid a fatal error when the id of the object assumed for the introduction is not found [ Matthieu Marcillaud ] * build: Version SPIP 4.1.9 -- David Prévot <email address hidden> Tue, 28 Feb 2023 21:25:27 +0100
Available diffs
- diff from 4.1.7+dfsg-1 to 4.1.9+dfsg-1 (10.1 KiB)
Superseded in sid-release |
spip (4.1.8+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * build: Version SPIP 4.1.8 [ Cerdic ] * Fix: Sanitize all values passed to forms * fix: Sanitize all values passed to forms preventively in the security screen [ Guilhem Moulin ] * Add d/salsa-ci.yml for Salsa CI. [ David Prévot ] * Track version 4.1 for now (bookworm?) -- David Prévot <email address hidden> Mon, 27 Feb 2023 23:11:50 +0100
Superseded in sid-release |
spip (4.1.7+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * build: Version 4.1.7 [ David Prévot ] * Update lintian override info format in d/source/lintian-overrides. * Update standards version to 4.6.2, no changes needed. -- David Prévot <email address hidden> Sat, 14 Jan 2023 12:24:58 +0100
Available diffs
- diff from 4.1.5+dfsg-1 to 4.1.7+dfsg-1 (28.1 KiB)
Published in buster-release |
spip (3.2.4-1+deb10u9) buster-security; urgency=medium * Backport security fixes from 3.2.16 - Remote code execution - XSS allowing privilege escalation -- David Prévot <email address hidden> Sat, 23 Jul 2022 09:44:41 +0200
Superseded in bullseye-release |
spip (3.2.11-3+deb11u5) bullseye-security; urgency=medium * Backport security fixes from 3.2.16 - Remote code execution - XSS allowing privilege escalation -- David Prévot <email address hidden> Fri, 22 Jul 2022 20:07:47 +0200
Superseded in sid-release |
spip (4.1.5+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * build: Version 4.1.5 [ David Prévot ] * Update mutualisation to 1.4.10 -- David Prévot <email address hidden> Fri, 22 Jul 2022 08:21:53 +0200
Available diffs
- diff from 4.1.2+dfsg-1 to 4.1.5+dfsg-1 (56.3 KiB)
Superseded in bullseye-release |
spip (3.2.11-3+deb11u4) bullseye-security; urgency=high * Backport security fix from 3.2.15 - Sanitizing and other XSS protections -- David Prévot <email address hidden> Tue, 24 May 2022 16:22:53 +0200
Superseded in sid-release |
spip (4.1.2+dfsg-1) unstable; urgency=medium [ Matthieu Marcillaud ] * Version 4.1.2 [ David Prévot ] * Update mutualisation to 1.4.9 * debian/rules: Don’t ship any .md file -- David Prévot <email address hidden> Mon, 23 May 2022 21:44:51 +0200
Available diffs
- diff from 4.1.1+dfsg-1 to 4.1.2+dfsg-1 (34.5 KiB)
Superseded in sid-release |
spip (4.1.1+dfsg-1) unstable; urgency=medium * Upload release to unstable [ Matthieu Marcillaud ] * Version 4.1.1 -- David Prévot <email address hidden> Wed, 13 Apr 2022 09:25:47 +0200
Available diffs
- diff from 4.0.4-1 to 4.1.1+dfsg-1 (886.8 KiB)
Superseded in buster-release |
spip (3.2.4-1+deb10u7) buster-security; urgency=high * Backport security fix from 3.2.14 - arbitrary PHP code execution -- David Prévot <email address hidden> Sat, 05 Mar 2022 17:17:35 +0100
Superseded in bullseye-release |
spip (3.2.11-3+deb11u3) bullseye-security; urgency=high * Backport security fix from 3.2.14 - arbitrary PHP code execution -- David Prévot <email address hidden> Sat, 05 Mar 2022 17:08:04 +0100
spip (4.0.5-1) unstable; urgency=medium [ Matthieu Marcillaud ] * Version 4.0.5 [ David Prévot ] * Track version 4.0 for now -- David Prévot <email address hidden> Sat, 05 Mar 2022 15:49:46 +0100
Deleted in experimental-release (Reason: None provided.) |
spip (4.1.0~rc+dfsg-1) experimental; urgency=medium [ Matthieu Marcillaud ] * Version 4.1.0-rc [ David Prévot ] * Adapt packaging to removed files -- David Prévot <email address hidden> Sat, 05 Mar 2022 17:55:33 +0100
Superseded in experimental-release |
spip (4.1.0~beta+dfsg-1) experimental; urgency=medium [ Matthieu Marcillaud ] * Version 4.1.0-beta -- David Prévot <email address hidden> Sat, 19 Feb 2022 10:46:26 -0400
Superseded in experimental-release |
spip (4.1.0~alpha+dfsg-1) experimental; urgency=medium * Upload alpha to experimental [ Matthieu Marcillaud ] * Version 4.1.0-alpha [ David Prévot ] * Track dev versions * Don’t ship test data * Drop php-pclzip dependency * Use libjs-jquery-jstree * Update copyright * Use shipped version of php-xml-htmlsax3 -- David Prévot <email address hidden> Sat, 12 Feb 2022 11:34:15 -0400
spip (4.0.4-1) unstable; urgency=medium [ Matthieu Marcillaud ] * Version 4.0.4 [ b_b ] * properly check the right to modify the login in formulaire_editer_auteur [ David Prévot ] * Revert "Use libjs-sortable" -- David Prévot <email address hidden> Sat, 05 Feb 2022 09:45:17 -0400
Available diffs
- diff from 4.0.2-1 to 4.0.4-1 (6.6 KiB)
spip (4.0.2-1) unstable; urgency=medium * Upload version compatible with PHP 8 to unstable [ Matthieu Marcillaud ] * Version 4.0.2 -- David Prévot <email address hidden> Tue, 25 Jan 2022 18:18:01 -0400
Available diffs
- diff from 3.2.12-1 to 4.0.2-1 (3.5 MiB)
Deleted in experimental-release (Reason: None provided.) |
spip (4.0.1-1) experimental; urgency=medium * Upload new major version to experimental [ Matthieu Marcillaud ] * Version 4.0.1 * PHP 8 compat (Closes: #977340) [ David Prévot ] * Revert "Track version 3 for now" * Factorize minification * Don’t ship: - vcs-control-file, - composer, phpcs, phpstan files, - icones sources * Drop dependencies: - libjs-jquery-ui - libjs-jquery-colorbox - libjs-jquery-flot - libjs-jquery-migrate-1 - libjs-excanvas - libjs-moment * Add dependencies: - libjs-twitter-bootstrap-datepicker - libjs-sortable - libjs-prefix-free * Update js.cookie.js path * Update copyright -- David Prévot <email address hidden> Fri, 24 Dec 2021 16:36:42 -0400
spip (3.2.12-1) unstable; urgency=medium [ Matthieu Marcillaud ] * Version 3.2.12 [ David Prévot ] * Track version 3 for now * Update copyright (years) * Update standards version to 4.6.0, no changes needed. * Drop misplaced changelog -- David Prévot <email address hidden> Tue, 14 Dec 2021 11:47:02 -0400
Available diffs
- diff from 3.2.11-3 to 3.2.12-1 (37.1 KiB)
spip (3.2.11-3) unstable; urgency=medium * Adapt symlink to changed path in latest node-js-cookie. Thanks to Andreas Beckmann <email address hidden> (Closes: #988853) -- David Prévot <email address hidden> Fri, 21 May 2021 11:14:54 -0400
Available diffs
- diff from 3.2.11-2 to 3.2.11-3 (579 bytes)
spip (3.2.11-2) unstable; urgency=medium * Upload to unstable with the Release Team approval * Update debian/copyright -- David Prévot <email address hidden> Fri, 26 Mar 2021 15:37:27 -0400
Available diffs
- diff from 3.2.9-1 to 3.2.11-2 (86.5 KiB)
Superseded in buster-release |
spip (3.2.4-1+deb10u4) buster-security; urgency=high * Document CVE IDs in previous changelog entries * Backport security fixes from 3.2.9 - PHP injections, XSS and secrets stored in session file -- David Prévot <email address hidden> Fri, 05 Feb 2021 11:35:35 -0400
Deleted in experimental-release (Reason: None provided.) |
spip (3.2.11-1) experimental; urgency=medium * Upload to experimental during the freeze [ Matthieu Marcillaud ] * PHP 7.4 compatibility * Version SPIP 3.2.11 [ David Prévot ] * Refresh patches header -- David Prévot <email address hidden> Fri, 26 Mar 2021 13:45:07 -0400
spip (3.2.9-1) unstable; urgency=medium * Critical security fixes, allowing identified authors to execute arbitrary PHP code, and XSS [ Matthieu Marcillaud ] * Version 3.2.9 [ David Prévot ] * Update mutualisation to 1.4.7 * Simplify gbp import-orig -- David Prévot <email address hidden> Fri, 12 Feb 2021 14:33:59 -0400
Available diffs
- diff from 3.2.8-2 to 3.2.9-1 (13.7 KiB)
spip (3.2.8-2) unstable; urgency=medium * Document CVE IDs in previous changelog entries * Use minify instead of uglifyjs (Closes: #979960) * Update watch file format version to 4. * Update Standards-Version to 4.5.1 * Drop d/lintian-overrides, syntax changed -- David Prévot <email address hidden> Tue, 12 Jan 2021 09:11:37 -0400
Available diffs
- diff from 3.2.8-1 to 3.2.8-2 (1.7 KiB)
Superseded in buster-release |
spip (3.2.4-1+deb10u3) buster-security; urgency=medium * Backport security fixes from 3.2.8 - Critical security issue, allowing identified authors to execute arbitrary PHP code -- David Prévot <email address hidden> Mon, 23 Nov 2020 12:10:16 -0400
spip (3.2.8-1) unstable; urgency=medium * Critical security fix, allowing identified authors to execute arbitrary PHP code [ Matthieu Marcillaud ] * Version 3.2.8 [ David Prévot ] * Allow Apache to access some directories in /var/lib/spip/sites/ Thanks to Vincent * Rename main branch to debian/latest (DEP-14) * debian/watch: Adapt to lowercase spip * debian/control: - Set Rules-Requires-Root: no. - Update standards version to 4.5.0, no changes needed - Use debhelper-compat 13 * debian/rules: - Simplify dh_link override - Adapt get-orig-source to Git source * debian/mutualisation: - Update mutualisation as of r125427 - Update mutualisation to Git source * debian/upstream/metadata: - Set upstream metadata fields: Bug-Database, Bug-Submit. - Fix URLs * debian/copyright: - Update Source - Update years -- David Prévot <email address hidden> Tue, 29 Sep 2020 17:03:05 -0400
Available diffs
- diff from 3.2.7-1 to 3.2.8-1 (801.0 KiB)
Published in stretch-release |
spip (3.1.4-4~deb9u3) stretch-security; urgency=medium * Backport security fixes from 3.1.11 - Critical security fix, allowing unidentified visitor to modify any published content and execute other modifications in database [CVE-2019-16391] - Other security fixes: + better sanitization on redirections [CVE-2019-16393] + don’t disclose if user exists when resetting password [CVE-2019-16394] + better error message sanitization on login page [CVE-2019-16392] - Update security screen to 1.3.12 * Add CVE ID to previous changelog entry -- David Prévot <email address hidden> Mon, 16 Sep 2019 12:02:26 -1000
Superseded in buster-release |
spip (3.2.4-1+deb10u2) buster-security; urgency=medium * Backport security fix from 3.2.7 - Critical security fix, allowing identified authors to inject content into database - Update security screen to 1.3.13 * Fix PHP 7.3 compatibility issue. The regexes were wrong, and started failing with PHP 7.3, causing plugins to be disabled and impossible to enable again on upgrade. -- David Prévot <email address hidden> Thu, 12 Dec 2019 10:22:39 -1000
spip (3.2.7-1) unstable; urgency=medium * Critical security fix, allowing identified authors to inject content into database [ <email address hidden> ] * SPIP 3.2.7 [ David Prévot ] * Add CVE ID to previous changelog entry * Update standards version to 4.4.1, no changes needed. * Set upstream metadata fields: Repository, Repository-Browse. -- David Prévot <email address hidden> Thu, 12 Dec 2019 10:02:58 -1000
Available diffs
- diff from 3.2.5-1 to 3.2.7-1 (6.8 KiB)
Superseded in buster-release |
spip (3.2.4-1+deb10u1) buster-security; urgency=medium * Backport security fixes from 3.2.5 - Critical security fix, allowing unidentified visitor to modify any published content and execute other modifications in database [CVE-2019-16391] - Other security fixes: + better sanitization on redirections [CVE-2019-16393] + don’t disclose if user exists when resetting password [CVE-2019-16394] + better error message sanitization on login page [CVE-2019-16392] - Update security screen to 1.3.12 * Add d/gbp.conf for buster * Add CVE ID to previous changelog entry * Refresh patch headers -- David Prévot <email address hidden> Mon, 16 Sep 2019 11:45:48 -1000
spip (3.2.5-1) unstable; urgency=medium * Critical security fix, allowing unidentified visitor to modify any published content and execute other modifications in database * Other security fixes: - better sanitization on redirections - don’t disclose if user exists when resetting password - better error message sanitization on login page [ <email address hidden> ] * SPIP 3.2.5 [ David Prévot ] * Add CVE ID to previous changelog entry * Refresh patch headers * Update standards version, no changes needed. * Fix manpage section -- David Prévot <email address hidden> Mon, 16 Sep 2019 09:01:57 -1000
Available diffs
- diff from 3.2.4-1 to 3.2.5-1 (17.4 KiB)
Superseded in stretch-release |
spip (3.1.4-4~deb9u2) stretch-security; urgency=medium * Update security screen to 1.3.11 * Backport security fix from 3.1.10 - Arbitrary code execution for any identified visitor (Closes: #926764) -- David Prévot <email address hidden> Wed, 10 Apr 2019 16:26:35 +0900
spip (3.2.4-1) unstable; urgency=medium * Critical security fix allowing arbitrary code execution to any identified visitor [ <email address hidden> ] * SPIP 3.2.4 -- David Prévot <email address hidden> Wed, 10 Apr 2019 14:21:19 +0900
Available diffs
- diff from 3.2.3-1 to 3.2.4-1 (11.0 KiB)
spip (3.2.3-1) unstable; urgency=medium [ <email address hidden> ] * SPIP 3.2.3 tag spip [ David Prévot ] * Update mutualisation to 1.4.5 * Update copyright * Use debhelper-compat 12 * Update Standards-Version to 4.3.0 -- David Prévot <email address hidden> Thu, 24 Jan 2019 11:27:02 -1000
Available diffs
- diff from 3.2.1-1 to 3.2.3-1 (1.0 MiB)
spip (3.2.1-1) unstable; urgency=medium [ David Prévot ] * New upstream version * Use priority optional * Update mutualisation to 1.4.4 * Drop dead list from Maintainer (and Romain from Uploaders) Closes: #899895 * Move project repository to salsa.d.o * Use https whenever possible in debian/ * Use debhelper-compat 11 * Update Standards-Version to 4.2.1 * Depend on - libjs-jquery-migrate-1 - libjs-moment - node-js-cookie instead of libjs-jquery-cookie - php-xml (split from php) * Recommend default-mysql-server instead of mysql-server (Closes: #848450) * Use shipped in version of php-html-safe * Get rid of Cherokee configuration * Use dh-apache2 to handle the default webserver configuration * Drop old symlink conversions * Update copyright * Update minimisation * Use rewrite for multisite * Make chown non-recursive in postinst * Drop trailing whitespace in changelog -- David Prévot <email address hidden> Wed, 28 Nov 2018 16:37:40 -1000
Available diffs
- diff from 3.1.4-4 to 3.2.1-1 (2.2 MiB)
Superseded in stretch-release |
spip (3.1.4-4~deb9u1) stretch-security; urgency=medium * Upload previous fixes to stretch -- David Prévot <email address hidden> Sun, 10 Jun 2018 16:49:16 -1000
Published in jessie-release |
spip (3.0.17-2+deb8u4) jessie-security; urgency=medium * Update security screen to 1.3.6 * Backport security fixes from 3.0.27 - Secure inserted URL in anchors - Secure URLs sent by self() - Escape charset in error message - Allow filter mode to be passed in interdire_scripts() - No onclick nor JS popup in footer - [Privacy] add rel attribute (noopener noreferrer) in private footer - PHP injection via XML file -- David Prévot <email address hidden> Sun, 10 Jun 2018 19:15:29 -1000
spip (3.1.4-4) unstable; urgency=medium * Update security screen to 1.3.6 * Backport security fixes from 3.1.7 - Do not disclose PHP version in headers - Secure inserted URL in anchors - Secure URLs sent by self() - Escape charset in error message - Allow filter mode to be passed in interdire_scripts() - No onclick nor JS popup in footer - Fix missing escapes - Secure _T() and _L() arguments - Provide a sanitize option for _T() and _L() - Deactivate sanitization when calling _T() in affdate_debut_fin() that uses secured data - Cross-site scripting (XSS) vulnerability [CVE-2017-15736] (Closes: #879954) - [Privacy] add rel attribute (noopener noreferrer) in private footer * Backport security fix from 3.1.8 - PHP injection via XML file * Drop dead list from Maintainer (and Romain from Uploaders) (Closes: #899895) * Move project repository to salsa.d.o -- David Prévot <email address hidden> Sun, 10 Jun 2018 14:57:12 -1000
Available diffs
- diff from 3.1.4-3 to 3.1.4-4 (10.4 KiB)
Superseded in stretch-release |
spip (3.1.4-3~deb9u1) stretch-security; urgency=high * Upload previous fixes to Stretch * Update previous changelog entry with CVE and bug report -- David Prévot <email address hidden> Mon, 19 Jun 2017 09:36:46 -1000
spip (3.1.4-3) unstable; urgency=high * Track Stretch * Backport security fix from 3.1.6 - Execution of arbitrary code * Update security screen to 1.3.2 -- David Prévot <email address hidden> Wed, 14 Jun 2017 10:43:54 -1000
Available diffs
- diff from 3.1.4-2 to 3.1.4-3 (2.6 KiB)
spip (3.1.4-2) unstable; urgency=medium * Fix broken symlink with recent libjs-jquery-ui. Thanks to Andreas Beckmann (Closes: #857818) * Backport security fixes from 3.2-alpha-1 - Reflected Cross Site Scripting Vulnerabilities in /ecrire/exec/puce_statut.php and /ecrire/exec/info_plugin.php [CVE-2016-9997] [CVE-2016-9998] (Closes: #848641) - Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php [CVE-2016-9152] (Closes: #847156) * Remove incorrect statement that those security issues had been fixed from the previous changelog entry * Remove incorrect execution bit for ecrire/inc/idna_convert.class.php -- David Prévot <email address hidden> Wed, 26 Apr 2017 20:51:45 -1000
Available diffs
- diff from 3.1.4-1 to 3.1.4-2 (3.8 KiB)
Superseded in jessie-release |
spip (3.0.17-2+deb8u3) jessie; urgency=medium * Document CVE in previous changelog entry * Update security screen to 1.3.0 * Backport security fixes from 3.0.23 - Multiple XSS issues * Backport security fixes from 3.0.24 - Server side request forgery (SSRF) attacks via the var_url parameter [CVE-2016-7999] - Directory traversal vulnerability in ecrire/exec/valider_xml.php [CVE-2016-7982] - Execution of arbitrary PHP code by authenticated users [CVE-2016-7998] - Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php [CVE-2016-7980] - Cross-site scripting (XSS) vulnerability in valider_xml.php [CVE-2016-7981] * Backport security fixes from 3.2-alpha-1 - Reflected Cross Site Scripting Vulnerabilities in /ecrire/exec/puce_statut.php and /ecrire/exec/info_plugin.php [CVE-2016-9997] [CVE-2016-9998] (Closes: #848641) - Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php [CVE-2016-9152] (Closes: #847156) * Backport security fix from 3.0.25 - Execution of arbitrary PHP code -- David Prévot <email address hidden> Wed, 26 Apr 2017 18:02:00 -1000
spip (3.1.4-1) unstable; urgency=high [ Adriano Rafael Gomes ] * Add Brazilian Portuguese debconf templates translation (Closes: #829339) [ David Prévot ] * New upstream version 3.1.4, with security fixes: - Arbitrary PHP execution code - Reflected Cross Site Scripting (XSS) Vulnerabilities [CVE-2016-9997] [CVE-2016-9998] (Closes: #848641) - Cross-site scripting (XSS) vulnerability [CVE-2016-9152] (Closes: #847156) * Update mutualisation to 1.3.5 * Update copyright -- David Prévot <email address hidden> Sat, 11 Mar 2017 08:24:16 -1000
Available diffs
- diff from 3.1.3-1 to 3.1.4-1 (98.4 KiB)
spip (3.1.3-1) unstable; urgency=high * Upload stable 3.1 branch to unstable for Stretch * Document CVE in previous changelog entry * New upstream version 3.1.2, with non-critical XSS security fixes * New upstream version 3.1.3, with security fixes: - Exec Code Cross-Site Request Forgery [CVE-2016-7980] - Reflected Cross-Site Scripting [CVE-2016-7981] - File Enumeration / Path Traversal [CVE-2016-7982] - Template Compiler/Composer PHP Code Execution [CVE-2016-7998] - Server Side Request Forgery [CVE-2016-7999] * Refresh mutualisation as of r99658 * Update Standards-Version to 3.9.8 -- David Prévot <email address hidden> Thu, 13 Oct 2016 07:33:27 -1000
Available diffs
- diff from 3.0.22-1 to 3.1.3-1 (4.0 MiB)
Published in wheezy-release |
spip (2.1.17-1+deb7u5) wheezy-security; urgency=high * Update displayed version * Backport security fixes from 2.1.29 - PHP code injection - Objects injection via unserialize * Update security screen to 1.2.4 -- David Prévot <email address hidden> Thu, 10 Mar 2016 20:47:57 -0400
Superseded in jessie-release |
spip (3.0.17-2+deb8u2) jessie-security; urgency=high * Backport security fixes from 3.0.22 - PHP code injection - Objects injection via unserialize * Update security screen to 1.2.4 -- David Prévot <email address hidden> Thu, 10 Mar 2016 19:18:09 -0400
spip (3.0.22-1) unstable; urgency=high * Track the 3.0 branch * Imported Upstream version 3.0.22, with security fixes: - PHP code injection - Objects injection via unserialize * Update mutualisation to 1.2.8 * Depend on php-* instead of php5-* for the php 7.0 transition * Update Standards-Version to 3.9.7 * Update copyright (years) -- David Prévot <email address hidden> Thu, 10 Mar 2016 21:22:43 -0400
Deleted in experimental-release (Reason: None provided.) |
spip (3.1.1-1) experimental; urgency=high * Imported Upstream version 3.1.1, with security fixes: - PHP code injection - Objects injection via unserialize * Update mutualisation to 1.2.8 * Depend on php-* instead of php5-* for the php 7.0 transition * Update copyright * Update Standards-Version to 3.9.7 -- David Prévot <email address hidden> Thu, 10 Mar 2016 21:24:26 -0400
Superseded in jessie-release |
spip (3.0.17-2+deb8u1) jessie; urgency=medium * Track Jessie * Backport XSS fixes in private content from 3.0.21 -- David Prévot <email address hidden> Sun, 01 Nov 2015 15:34:00 -0400