1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4798-1] spip security update

    From Sebastien Delafond@21:1/5 to All on Wed Nov 25 09:00:02 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4798-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond November 25, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : spip
    CVE ID : CVE-2020-28984

    It was discovered that SPIP, a website engine for publishing, did not
    correctly validate its input. This would allow authenticated users to
    execute arbitrary code.

    For the stable distribution (buster), this problem has been fixed in
    version 3.2.4-1+deb10u3.

    We recommend that you upgrade your spip packages.

    For the detailed security status of spip please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/spip

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAl++DaEACgkQEL6Jg/PV nWRStwgAmZChNL7iGrRO5UAyAbws/zbEcP+WGF1JeaftlRPbY8+/ZSc4p07EVAcH C8qRHkv1Oor+UFa4LFxdIbof5Q5IgnBAz1l2ts5PWv3OxO5CGPi9/l0rpZDWsPFw uv+WmFvdEOF1hwq5CsPfc7SKA1ZX2pZs/q+uXAbiHGO8n+r/HR5Pv1gWd7kIESA9 qhSlDchTEtBKi+YLuAtaO2xMFOFdAxRydDjdqSOwHBYIXwgUOrqVBJKn/mMqjdUv zO+0NpZNU14mB5jL5/f6HFwUVwSIio5BsGk3kVqcnzO3z+ikfQuWkoGTf4nSZmLN 2GSpLYNS2oCzHnCeDcHCXjyERRGf0Q==
    =69gM
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)