[SECURITY] [DLA 2505-1] spip security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2505-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
December 23, 2020 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : spip
Version : 3.1.4-4~deb9u4
CVE ID : CVE-2020-28984
It was found that spip, a website engine for publishing, did not correctly
validate its input (couleur, display, display_navigation, display_outils,
imessage, and spip_ecran) allowing authenticated users to execute arbitrary
code.
For Debian 9 stretch, this problem has been fixed in version
3.1.4-4~deb9u4.
We recommend that you upgrade your spip packages.
For the detailed security status of spip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/spip
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl/jhskACgkQgj6WdgbD
S5a+EA/8DCJ1hvOVM9R08Gbl2+qAIEdJxLMYhy/lAouVQWQyWO2ODg671mSZLjf5
/bLklT2vxW8o0/m8Xbbqb3nFgnOHMRPOpKkyr6aepVmdNqya10lddLDlDScyDkSw
NiY3olecMTeOfxJS1aVw9FOBkT+eRgAovEPO+TXImcUB0ByeDlehHGdDplz/MTqY
DRmP3+KtJ87ilCduTnOOLMvYYOUvv+4u/eQMlBjTWNctmO+r9kbHl/5XTcTCfRWH
uv+FYNK9UN1lKsn7UMqTu8TOmVgnYObpOzve2hlVZvwac/RElNYSUBFazU4ElMVd
hSn1cwoizM8Pc0G1w8xcoNNyrLaaTBs8goMMVqCMcyWM40hx9dVx53Rdlrb0VRJJ
Ipsf/XIGq4+wQYOwC/RtCXqpjPa7+kgykynQRKfkw42AjWk1UwZH/W2EAopvKOVz
M46ZK3NXRdbm/dTkiIz/lwPgLOaOPd0XC4IZ4qvxE6/av2kP86MtXi7VPaAiwV5+
AxCTafYVhaDSaAGe6WQIeTR1MO4DvDrZilqgnQ76UUDVlnuc6RlhrWYl48jZ0IGy
u666nrsVqSTBFcXxWmnEw2YIWJyr71R6D/y7PBOeDcOMuP0A9aLBTJdIvBGmijH5
ttky95fxmMByHkRn7GUZ+KF0iuAYun1WDewSZ7+WvLwcQumNVdg=
=nEdO
-----END PGP SIGNATURE-----
Reply to: