[SECURITY] [DSA 6296-1] spip security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6296-1] spip security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 25 May 2026 15:12:28 +0000
Message-id: <[🔎] E1wRWyi-00000003Alf-35uj@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6296-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 25, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : spip
CVE ID         : CVE-2026-8429 CVE-2026-8430 CVE-2026-48832

Multiple vulnerabilities were discovered in SPIP, a website engine for
publishing, which may result in remote code execution or an open
redirect.

For the stable distribution (trixie), these problems have been fixed in
version 4.4.15+dfsg-0+deb13u1.

We recommend that you upgrade your spip packages.

For the detailed security status of spip please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/spip

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmoUZf9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0R4KRAAgxqOxC7m/oNncv8zoEAT41jF/G5xWZs9J5zIcqvNFelnYbC0GSZJpi32
IQ7x/dfN2YRSzbNFfaYzq9BbiNMakIVQnuyLSQ3M/22ARi3QgpRNZkelhIoK0KG+
8UIZl+Q04jNW+2oOYhZ3KMfotXRhReUkBEOeFS9mu1Vyt5lk5uQH5ECTK/aR+CD/
A2HD9x4sgeJ4twBCZ28pb+lJ+/f29rhF1ETr1YJ86Yxo6WOFGRdYAqrKRCQTENXZ
Xi2oPV28+Ar4/5kVyd4FKNSioUx90fyO1FddlJ4pKvz8S7vX/Ms+RyJFuEl7CwPn
eyFgB61c+QJyl4G8oXxsa1GXooF7tDoGtIetxML7IG/blzuQHW3OjGzu3V/dGij6
EQ99ZBL+7enxYvWS+OfuuRAcypJi2Gpmg2aanpHQQgb/gzcbG/eUkAzweLHcMu0Y
fPRCbFf92YH4pE44n6VRGvnTjzSN3cPwLktQ4DQm4Em66VX9uih/M8U1witi9rtc
0ahWEFIRDV8rzqS0tNTb8hnrKnJhi+JJ1CoTBDc/c3ZVIg3MAwRTPnSVbYqDeXvT
sgAExqkiANf+h8HwnNoWoGB+ybuaXpEb5rBW0J5mY7wqXpGHuV5KOFG49xcUGarl
MOyFUFW+nbtH1tgWr1c0FxAihV7IZm8L1v4iBMFpETNcaoI3WAc=
=dfAd
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6295-1] linux security update
Next by Date: [SECURITY] [DSA 6297-1] samba security update
Previous by thread: [SECURITY] [DSA 6295-1] linux security update
Next by thread: [SECURITY] [DSA 6297-1] samba security update
Index(es):
- Date
- Thread