Debian Security Advisory
DSA-2349-1 spip -- several vulnerabilities
- Date Reported:
- 19 Nov 2011
- Affected Packages:
- Security database references:
- No other external database security references currently available.
- More information:
Two vulnerabilities have been found in SPIP, a website engine for publishing, which allow privilege escalation to site administrator privileges and cross-site scripting.
The oldstable distribution (lenny) doesn't include spip.
For the stable distribution (squeeze), this problem has been fixed in version 2.1.1-3squeeze2.
For the unstable distribution (sid), this problem has been fixed in version 2.1.12-1.
We recommend that you upgrade your spip packages.