spip 3.2.4-1+deb10u1 source package in Debian
Changelog
spip (3.2.4-1+deb10u1) buster-security; urgency=medium
* Backport security fixes from 3.2.5
- Critical security fix, allowing unidentified visitor to modify any
published content and execute other modifications in database
[CVE-2019-16391]
- Other security fixes:
+ better sanitization on redirections [CVE-2019-16393]
+ don’t disclose if user exists when resetting password [CVE-2019-16394]
+ better error message sanitization on login page [CVE-2019-16392]
- Update security screen to 1.3.12
* Add d/gbp.conf for buster
* Add CVE ID to previous changelog entry
* Refresh patch headers
-- David Prévot <email address hidden> Mon, 16 Sep 2019 11:45:48 -1000
Upload details
- Uploaded by:
- David Prevot
- Uploaded to:
- Buster
- Original maintainer:
- David Prevot
- Architectures:
- all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| spip_3.2.4-1+deb10u1.dsc | 1.5 KiB | d54785b76bebc70230f75ea0cf871897e7fdc1ca92977e3dd43f000efbc373de |
| spip_3.2.4.orig.tar.xz | 5.9 MiB | aa3d58380731e1b92d120b19603f2ee9171a4280276308fc6529d5723f34a3f1 |
| spip_3.2.4-1+deb10u1.debian.tar.xz | 73.5 KiB | 2d73e3c7cdc217c4d946fd6c00ee06de76a661a057e5ad6cf5ce66a6f9fb6532 |
No changes file available.
