Changelog
spip (3.2.4-1+deb10u1) buster-security; urgency=medium

  * Backport security fixes from 3.2.5
    - Critical security fix, allowing unidentified visitor to modify any
      published content and execute other modifications in database
      [CVE-2019-16391]
    - Other security fixes:
      + better sanitization on redirections [CVE-2019-16393]
      + don’t disclose if user exists when resetting password [CVE-2019-16394]
      + better error message sanitization on login page [CVE-2019-16392]
    - Update security screen to 1.3.12
  * Add d/gbp.conf for buster
  * Add CVE ID to previous changelog entry
  * Refresh patch headers

 -- David Prévot <email address hidden>  Mon, 16 Sep 2019 11:45:48 -1000