Bug#1005218: buster-pu: package spip/3.2.4-1+deb10u6

To: David Prévot <taffit@debian.org>, 1005218@bugs.debian.org
Subject: Bug#1005218: buster-pu: package spip/3.2.4-1+deb10u6
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 19 Feb 2022 19:00:30 +0000
Message-id: <[🔎] a7d339859199755d8d1965779d189534ed728f43.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1005218@bugs.debian.org
In-reply-to: <[🔎] YgNtzbAqnh6eUFd3@persil.tilapin.org>
References: <[🔎] YgNtzbAqnh6eUFd3@persil.tilapin.org> <[🔎] YgNtzbAqnh6eUFd3@persil.tilapin.org>

Control: tags -1 + confirmed

On Wed, 2022-02-09 at 03:31 -0400, David Prévot wrote:
> Two security issues (XSS) have been fixed in the latest upstream
> version. As agreed with the security team, those are not worth a DSA.
> 
> [ Impact ]
> Without these fixes, websites are vulnerable to already public XSS
> issues.
> 

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#1005218: buster-pu: package spip/3.2.4-1+deb10u6
  - From: David Prévot <taffit@debian.org>

Prev by Date: Bug#1002051: bullseye-pu: package heartbeat/1:3.0.6-11+deb11u1
Next by Date: Processed: Re: Bug#1002051: bullseye-pu: package heartbeat/1:3.0.6-11+deb11u1
Previous by thread: Processed: Re: Bug#1005218: buster-pu: package spip/3.2.4-1+deb10u6
Next by thread: Bug#1005231: bullseye-pu: package nvidia-xconfig/470.103.01-1~deb11u1
Index(es):
- Date
- Thread