[SECURITY] [DLA 738-1] spip security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 738-1] spip security update
From: Chris Lamb <lamby@debian.org>
Date: Thu, 08 Dec 2016 21:16:18 +0100
Message-id: <[🔎] 1481228178.572490.813026849.572E1F4D@webmail.messagingengine.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : spip
Version        : 2.1.17-1+deb7u7
CVE ID         : CVE-2016-9152
Debian Bug     : 847156

It was discovered that there was a cross-site scripting (XSS) vulnerability in
spip, a website publishing engine, which allowed remote attackers to inject
arbitrary web script or HTML via the "rac" parameter.

For Debian 7 "Wheezy", this issue has been fixed in spip version
2.1.17-1+deb7u7.

We recommend that you upgrade your spip packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlhJv3wACgkQHpU+J9Qx
Hlh+FQ/+PgKG4xtrnREzwnFCaBRDr0C2SasWzwCHGR/GtcCYNZhU9GZSSvpYY+Cp
l+XS5iQtXjRzSG/8P/PxnB4gxoU/Jl8hlMqabpDRH9bo5Jg8ffJGytMM5sf54cBg
DyzKVKd8GaxbqXxDMVdkcyjt6fuJTlTEafNYDPmRPuvGZ9NZx8egLNoojK5mElvM
GVWXtbRI15A4osvNSuRRjYE3Z1mZ9KFGCyJV3Q5oMseVUbzGJ9zVLTN7LV3GoMFr
At60/KnsyVwypSsDuGX3EFSieuik9ZNhVrCLMw1waSQ9tHmIktE0FVnPfrsn6hkT
Hs3FiSIkBglxC4YMb8jE61G+4c0fvvg9HfFFjTY3rcoBWaxxL8Um6DvTxRiqV3Wu
XERX4+J+BX/q3TiBaS6MXjSAY2jcoRR/8VQlzorQ9i+LD293gUiiJf5TYZAj6SWZ
6I7AcaRr4tP9TY1vhXlQSoqty0G7VLX4oPCZbXjvujx+wkqwMtvaa6T/QVzqEK3a
B/b41nSF+NjtrYAo7/NA2hzHDhmIfcMWUAd8Q+wVBiN+F+Xmrl9w8VlGrk1vMkjS
v2OARCPa8XXLbi+epcLxJZ8nzal/dO1HLq0ms+AEeyQMX8W53zUZ27Y1/gUymsmO
u38S2pmKeiIKSzyaiSUUMld8e/qL98MeO5HulgKGVuLCgzUyo70=
=g5Ep
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 737-1] roundcube security update
Next by Date: [SECURITY] [DLA 739-1] jasper security updat
Previous by thread: [SECURITY] [DLA 737-1] roundcube security update
Next by thread: [SECURITY] [DLA 739-1] jasper security updat
Index(es):
- Date
- Thread