spip 3.0.17-2+deb8u3 source package in Debian

Changelog

spip (3.0.17-2+deb8u3) jessie; urgency=medium

  * Document CVE in previous changelog entry
  * Update security screen to 1.3.0
  * Backport security fixes from 3.0.23
    - Multiple XSS issues
  * Backport security fixes from 3.0.24
    - Server side request forgery (SSRF) attacks via the var_url parameter
      [CVE-2016-7999]
    - Directory traversal vulnerability in ecrire/exec/valider_xml.php
      [CVE-2016-7982]
    - Execution of arbitrary PHP code by authenticated users [CVE-2016-7998]
    - Cross-site request forgery (CSRF) vulnerability in
      ecrire/exec/valider_xml.php [CVE-2016-7980]
    - Cross-site scripting (XSS) vulnerability in valider_xml.php
      [CVE-2016-7981]
  * Backport security fixes from 3.2-alpha-1
    - Reflected Cross Site Scripting Vulnerabilities in
      /ecrire/exec/puce_statut.php and /ecrire/exec/info_plugin.php
      [CVE-2016-9997] [CVE-2016-9998] (Closes: #848641)
    - Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php
      [CVE-2016-9152] (Closes: #847156)
  * Backport security fix from 3.0.25
    - Execution of arbitrary PHP code

 -- David Prévot <email address hidden>  Wed, 26 Apr 2017 18:02:00 -1000

Upload details

Uploaded by: SPIP packaging team
Uploaded to: Jessie
Original maintainer: SPIP packaging team
Architectures: all
Section: web
Urgency: Medium Urgency


Downloads

File Size SHA-256 Checksum
spip_3.0.17-2+deb8u3.dsc 1.6 KiB 443b826d5a735020ce5d98a006693e08fca0d0493a91e182429f2f8e68a1920e
spip_3.0.17.orig.tar.xz 4.9 MiB 10df1ae6310cb8a7319a5135c38fdd85fa1f48d6edc754618b306a55f41c7b02
spip_3.0.17-2+deb8u3.debian.tar.xz 84.3 KiB 9d933ba9881693cff92a71bae79116ac133d7efbc9f8ec21d2c625d99114c52e

No changes file available.
