[SECURITY] [DLA 1975-1] spip security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1975-1] spip security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 28 Oct 2019 22:38:28 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.20.1910282236590.29267@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : spip
Version        : 3.0.17-2+deb8u5
CVE ID         : CVE-2019-16391 CVE-2019-16392 CVE-2019-16393
                 CVE-2019-16394

It was discovered that SPIP, a website engine for publishing, would allowunauthenticated users to modify published content and write to thedatabase, perform cross-site request forgeries, and enumerate registeredusers.

For Debian 8 "Jessie", these problems have been fixed in version3.0.17-2+deb8u5.


We recommend that you upgrade your spip packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl23X9RfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdetw/+OKjvJG/T9pgw2RH85UTbjC78fPuDbUgnvUzuiFpUMuu9E4chI+bNFFcv
FFBkv6CDv7T032XI4Igiitv75sj3UOHdfny580G7dNP8czRTSy5LByacO4RuAWE5
VV/GUl/YvAAMBS2bQuzwdQCTDXA+KM9C7hcXWUZw422Qgo8lMps1m3lkE5/t9YwF
DTZEj1/xc6Ad7i423UKN3wi4NV9xKnXA/5T7Rvwu/HAqqQm7aOul6PxiLNWju7HW
gTj7/DvA3wbfb4lyD2zJ8O6I067Qi+aqccMCSb6EqsDrDG0Fz4a3HBXiz5y8SS02
HNK8KR4F7oXvf022nlOr6RHG0kYPr/Vs3kRZYaumOCp4v/mQcxAskSp1K51+tA+1
XLy51eHkOy3utwpdLp+84ASQU3KeQyFTWAv1t3ssOD4Yn/zfwUk8a6x6ulkvrSng
k2jJrQwQPaRtlHIOO8ITGCEhA/Bkgl0Sq3hKtO1iY66KZYuo2aBpX4dTxZ36/7s/
s4YKdmOhS3DTmLzLCgH3PKRxOzMBaVTb+scPP0BTpMfTe76pl95vB6+j03P0LubE
vK9xSqUD6rR7yjsjDAwg6ZJ7MhVXk6tXiqf1X8kUy66oKcXWQzzlXQcvtnK/t2Pj
xTfIwE3QgweWVaxiGHk66xVcGv97TOIo9CMcPWd3+gkJpp6TqZQ=
=Dlk3
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1973-1] libxslt security update
Next by Date: [SECURITY] [DLA 1977-1] libvncserver security update
Previous by thread: [SECURITY] [DLA 1973-1] libxslt security update
Next by thread: [SECURITY] [DLA 1977-1] libvncserver security update
Index(es):
- Date
- Thread