Debian
spip package

spip 3.1.4-4 source package in Debian

Changelog

spip (3.1.4-4) unstable; urgency=medium

  * Update security screen to 1.3.6
  * Backport security fixes from 3.1.7
    - Do not disclose PHP version in headers
    - Secure inserted URL in anchors
    - Secure URLs sent by self()
    - Escape charset in error message
    - Allow filter mode to be passed in interdire_scripts()
    - No onclick nor JS popup in footer
    - Fix missing escapes
    - Secure _T() and _L() arguments
    - Provide a sanitize option for _T() and _L()
    - Deactivate sanitization when calling _T() in affdate_debut_fin() that
      uses secured data
    - Cross-site scripting (XSS) vulnerability [CVE-2017-15736]
      (Closes: #879954)
    - [Privacy] add rel attribute (noopener noreferrer) in private footer
  * Backport security fix from 3.1.8
    - PHP injection via XML file
  * Drop dead list from Maintainer (and Romain from Uploaders) (Closes: #899895)
  * Move project repository to salsa.d.o

 -- David Prévot <email address hidden>  Sun, 10 Jun 2018 14:57:12 -1000

Upload details

Uploaded by:
David Prevot
Uploaded to:
Sid
Original maintainer:
David Prevot
Architectures:
all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
spip_3.1.4-4.dsc 1.4 KiB 984cfbecc3ca82667e8c8dbbbabd78b4275a3a606e40408bf8116b25bc34c2ac
spip_3.1.4.orig.tar.xz 5.6 MiB 884778eca338242da714641727b9acaa8ec10a5aefeefc1dbe1d38ad379d8318
spip_3.1.4-4.debian.tar.xz 86.4 KiB aa4de988ca7a0e217514b5e5778320c4868d6b2124d6caafb409d7bc1e00de60

Available diffs

No changes file available.

Binary packages built by this source