[SECURITY] [DLA 1975-1] spip security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : spip
Version : 3.0.17-2+deb8u5
CVE ID : CVE-2019-16391 CVE-2019-16392 CVE-2019-16393
CVE-2019-16394
It was discovered that SPIP, a website engine for publishing, would allow
unauthenticated users to modify published content and write to the
database, perform cross-site request forgeries, and enumerate registered
users.
For Debian 8 "Jessie", these problems have been fixed in version
3.0.17-2+deb8u5.
We recommend that you upgrade your spip packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl23X9RfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdetw/+OKjvJG/T9pgw2RH85UTbjC78fPuDbUgnvUzuiFpUMuu9E4chI+bNFFcv
FFBkv6CDv7T032XI4Igiitv75sj3UOHdfny580G7dNP8czRTSy5LByacO4RuAWE5
VV/GUl/YvAAMBS2bQuzwdQCTDXA+KM9C7hcXWUZw422Qgo8lMps1m3lkE5/t9YwF
DTZEj1/xc6Ad7i423UKN3wi4NV9xKnXA/5T7Rvwu/HAqqQm7aOul6PxiLNWju7HW
gTj7/DvA3wbfb4lyD2zJ8O6I067Qi+aqccMCSb6EqsDrDG0Fz4a3HBXiz5y8SS02
HNK8KR4F7oXvf022nlOr6RHG0kYPr/Vs3kRZYaumOCp4v/mQcxAskSp1K51+tA+1
XLy51eHkOy3utwpdLp+84ASQU3KeQyFTWAv1t3ssOD4Yn/zfwUk8a6x6ulkvrSng
k2jJrQwQPaRtlHIOO8ITGCEhA/Bkgl0Sq3hKtO1iY66KZYuo2aBpX4dTxZ36/7s/
s4YKdmOhS3DTmLzLCgH3PKRxOzMBaVTb+scPP0BTpMfTe76pl95vB6+j03P0LubE
vK9xSqUD6rR7yjsjDAwg6ZJ7MhVXk6tXiqf1X8kUy66oKcXWQzzlXQcvtnK/t2Pj
xTfIwE3QgweWVaxiGHk66xVcGv97TOIo9CMcPWd3+gkJpp6TqZQ=
=Dlk3
-----END PGP SIGNATURE-----
Reply to: