[SECURITY] [DLA 2505-1] spip security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2505-1] spip security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Wed, 23 Dec 2020 23:35:27 +0530
Message-id: <[🔎] CAPP0f97cia1GfPhHz8m1nE1UFQnP8GFJeukcOQpAxtPD7mR6cQ@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2505-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Abhijith PA
December 23, 2020                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : spip
Version        : 3.1.4-4~deb9u4
CVE ID         : CVE-2020-28984

It was found that spip,  a website engine for publishing, did not correctly
validate its input (couleur, display, display_navigation, display_outils,
imessage, and spip_ecran) allowing authenticated users to execute arbitrary
code.

For Debian 9 stretch, this problem has been fixed in version
3.1.4-4~deb9u4.

We recommend that you upgrade your spip packages.

For the detailed security status of spip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/spip

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl/jhskACgkQgj6WdgbD
S5a+EA/8DCJ1hvOVM9R08Gbl2+qAIEdJxLMYhy/lAouVQWQyWO2ODg671mSZLjf5
/bLklT2vxW8o0/m8Xbbqb3nFgnOHMRPOpKkyr6aepVmdNqya10lddLDlDScyDkSw
NiY3olecMTeOfxJS1aVw9FOBkT+eRgAovEPO+TXImcUB0ByeDlehHGdDplz/MTqY
DRmP3+KtJ87ilCduTnOOLMvYYOUvv+4u/eQMlBjTWNctmO+r9kbHl/5XTcTCfRWH
uv+FYNK9UN1lKsn7UMqTu8TOmVgnYObpOzve2hlVZvwac/RElNYSUBFazU4ElMVd
hSn1cwoizM8Pc0G1w8xcoNNyrLaaTBs8goMMVqCMcyWM40hx9dVx53Rdlrb0VRJJ
Ipsf/XIGq4+wQYOwC/RtCXqpjPa7+kgykynQRKfkw42AjWk1UwZH/W2EAopvKOVz
M46ZK3NXRdbm/dTkiIz/lwPgLOaOPd0XC4IZ4qvxE6/av2kP86MtXi7VPaAiwV5+
AxCTafYVhaDSaAGe6WQIeTR1MO4DvDrZilqgnQ76UUDVlnuc6RlhrWYl48jZ0IGy
u666nrsVqSTBFcXxWmnEw2YIWJyr71R6D/y7PBOeDcOMuP0A9aLBTJdIvBGmijH5
ttky95fxmMByHkRn7GUZ+KF0iuAYun1WDewSZ7+WvLwcQumNVdg=
=nEdO
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2506-1] awstats security update
Next by Date: [SECURITY] [DLA 2488-2] python-apt regression update
Previous by thread: [SECURITY] [DLA 2506-1] awstats security update
Next by thread: [SECURITY] [DLA 2488-2] python-apt regression update
Index(es):
- Date
- Thread