2022-05-02 18:03:01 |
Luís Infante da Câmara |
bug |
|
|
added bug |
2022-05-02 18:03:40 |
Luís Infante da Câmara |
cve linked |
|
2020-28984 |
|
2022-05-02 18:03:49 |
Luís Infante da Câmara |
cve linked |
|
2021-44118 |
|
2022-05-02 18:04:05 |
Luís Infante da Câmara |
cve linked |
|
2021-44120 |
|
2022-05-02 18:04:13 |
Luís Infante da Câmara |
cve linked |
|
2021-44122 |
|
2022-05-02 18:04:22 |
Luís Infante da Câmara |
cve linked |
|
2021-44123 |
|
2022-05-02 18:04:28 |
Luís Infante da Câmara |
cve linked |
|
2022-26846 |
|
2022-05-02 18:04:37 |
Luís Infante da Câmara |
cve linked |
|
2022-26847 |
|
2022-05-02 18:04:43 |
Luís Infante da Câmara |
information type |
Private Security |
Public Security |
|
2022-05-02 18:19:10 |
Marc Deslauriers |
tags |
|
community-security |
|
2022-05-31 19:40:04 |
Luís Infante da Câmara |
spip (Ubuntu): status |
New |
In Progress |
|
2022-05-31 19:40:06 |
Luís Infante da Câmara |
spip (Ubuntu): assignee |
|
Luís Cunha dos Reis Infante da Câmara (luis220413) |
|
2022-05-31 19:44:48 |
Luís Infante da Câmara |
cve linked |
|
2022-28959 |
|
2022-05-31 19:44:48 |
Luís Infante da Câmara |
cve linked |
|
2022-28960 |
|
2022-05-31 19:44:48 |
Luís Infante da Câmara |
cve linked |
|
2022-28961 |
|
2022-05-31 19:49:24 |
Luís Infante da Câmara |
attachment added |
|
spip_bionic.debdiff https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594128/+files/spip_bionic.debdiff |
|
2022-05-31 20:23:20 |
Ubuntu Foundations Team Bug Bot |
tags |
community-security |
community-security patch |
|
2022-05-31 20:23:28 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2022-05-31 20:39:38 |
Luís Infante da Câmara |
attachment added |
|
spip_focal.debdiff https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594133/+files/spip_focal.debdiff |
|
2022-05-31 20:53:02 |
Luís Infante da Câmara |
attachment added |
|
spip_impish.debdiff https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594134/+files/spip_impish.debdiff |
|
2022-05-31 21:07:33 |
Luís Infante da Câmara |
attachment added |
|
spip_jammy.debdiff https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594136/+files/spip_jammy.debdiff |
|
2022-05-31 21:08:02 |
Luís Infante da Câmara |
spip (Ubuntu): status |
In Progress |
Fix Committed |
|
2022-06-08 13:34:02 |
Luís Infante da Câmara |
spip (Ubuntu): status |
Fix Committed |
In Progress |
|
2022-06-13 14:03:44 |
Luís Infante da Câmara |
description |
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
Please package fixed versions.
Debian released an advisory on March 8. |
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Focal, Impish and Jammy, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and Impish and 4.0.7 for Jammy).
The only additional change is to fix Lintian errors (and warnings?).
Debian released an advisory on March 8.
[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.
[Where problems could occur]
There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.
The Files-Excluded field in debian/copyright can be incorrect for the new upstream releases, excluding or including files that should not be, possibly leading to a nonfunctional SPIP or introducing other bugs. |
|
2022-06-13 14:08:10 |
Luís Infante da Câmara |
description |
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Focal, Impish and Jammy, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and Impish and 4.0.7 for Jammy).
The only additional change is to fix Lintian errors (and warnings?).
Debian released an advisory on March 8.
[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.
[Where problems could occur]
There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.
The Files-Excluded field in debian/copyright can be incorrect for the new upstream releases, excluding or including files that should not be, possibly leading to a nonfunctional SPIP or introducing other bugs. |
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in Debian buster.
To fix the vulnerabilities in Focal, Impish and Jammy, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and Impish and 4.0.7 for Jammy).
The only additional change is to fix Lintian errors (and warnings?).
Debian released an advisory on March 8.
[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.
[Where problems could occur]
There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.
The Files-Excluded field in debian/copyright can be incorrect for the new upstream releases, excluding or including files that should not be, possibly leading to a nonfunctional SPIP or introducing other bugs. |
|
2022-06-13 14:08:38 |
Luís Infante da Câmara |
attachment removed |
spip_focal.debdiff https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594133/+files/spip_focal.debdiff |
|
|
2022-06-13 15:02:52 |
Luís Infante da Câmara |
description |
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in Debian buster.
To fix the vulnerabilities in Focal, Impish and Jammy, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and Impish and 4.0.7 for Jammy).
The only additional change is to fix Lintian errors (and warnings?).
Debian released an advisory on March 8.
[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.
[Where problems could occur]
There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.
The Files-Excluded field in debian/copyright can be incorrect for the new upstream releases, excluding or including files that should not be, possibly leading to a nonfunctional SPIP or introducing other bugs. |
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in Debian buster.
To fix the vulnerabilities in Focal, Impish and Jammy, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and Impish and 4.0.7 for Jammy).
The only additional change is to override Lintian errors.
Debian released an advisory on March 8.
[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.
[Where problems could occur]
There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.
The Files-Excluded field in debian/copyright can be incorrect for the new upstream releases, excluding or including files that should not be, possibly leading to a nonfunctional SPIP or introducing other bugs. |
|
2022-06-13 15:30:57 |
Luís Infante da Câmara |
attachment added |
|
spip_focal.debdiff https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5597069/+files/spip_focal.debdiff |
|
2022-06-13 18:19:33 |
Luís Infante da Câmara |
attachment removed |
spip_impish.debdiff https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594134/+files/spip_impish.debdiff |
|
|
2022-06-13 18:20:08 |
Luís Infante da Câmara |
attachment added |
|
spip_impish.debdiff https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5597085/+files/spip_impish.debdiff |
|
2022-06-13 18:45:11 |
Luís Infante da Câmara |
attachment removed |
spip_jammy.debdiff https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594136/+files/spip_jammy.debdiff |
|
|
2022-06-13 18:46:11 |
Luís Infante da Câmara |
attachment added |
|
spip_jammy.debdiff https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5597086/+files/spip_jammy.debdiff |
|
2022-06-13 18:48:27 |
Luís Infante da Câmara |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2022-06-14 10:02:00 |
Luís Infante da Câmara |
description |
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in Debian buster.
To fix the vulnerabilities in Focal, Impish and Jammy, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and Impish and 4.0.7 for Jammy).
The only additional change is to override Lintian errors.
Debian released an advisory on March 8.
[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.
[Where problems could occur]
There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.
The Files-Excluded field in debian/copyright can be incorrect for the new upstream releases, excluding or including files that should not be, possibly leading to a nonfunctional SPIP or introducing other bugs. |
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in Debian buster. |
|
2022-06-14 10:04:57 |
Luís Infante da Câmara |
summary |
Multiple vulnerabilities in Bionic, Focal, Impish and Jammy |
Multiple vulnerabilities in Bionic and Impish |
|
2022-06-14 10:05:53 |
Luís Infante da Câmara |
description |
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in Debian buster. |
(The vulnerabilities in Focal and Jammy, along with other bugs, are being fixed through the Stable Release Update process in bug #1978555).
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in Debian buster. |
|
2022-06-14 10:06:00 |
Luís Infante da Câmara |
description |
(The vulnerabilities in Focal and Jammy, along with other bugs, are being fixed through the Stable Release Update process in bug #1978555).
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in Debian buster. |
(The vulnerabilities in Focal and Jammy, along with other bugs, are being fixed through the Stable Release Update process in bug #1978555)
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in Debian buster. |
|
2022-06-14 10:06:27 |
Luís Infante da Câmara |
description |
(The vulnerabilities in Focal and Jammy, along with other bugs, are being fixed through the Stable Release Update process in bug #1978555)
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in Debian buster. |
(The vulnerabilities in Focal and Jammy, along with other bugs, are being fixed through the Stable Release Update process in bug #1978555)
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
Please backport the version in Debian buster. |
|
2022-06-14 10:06:36 |
Luís Infante da Câmara |
description |
(The vulnerabilities in Focal and Jammy, along with other bugs, are being fixed through the Stable Release Update process in bug #1978555)
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
Please backport the version in Debian buster. |
(The vulnerabilities in Focal and Jammy, along with other bugs, are being fixed through the Stable Release Update process in bug #1978555)
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
Please backport the versions in Debian buster and bullseye. |
|
2022-06-14 10:20:04 |
Luís Infante da Câmara |
removed subscriber Ubuntu Sponsors Team |
|
|
|
2022-06-14 15:13:22 |
Eduardo Barretto |
nominated for series |
|
Ubuntu Bionic |
|
2022-06-14 15:13:22 |
Eduardo Barretto |
bug task added |
|
spip (Ubuntu Bionic) |
|
2022-06-14 15:13:22 |
Eduardo Barretto |
nominated for series |
|
Ubuntu Impish |
|
2022-06-14 15:13:22 |
Eduardo Barretto |
bug task added |
|
spip (Ubuntu Impish) |
|
2022-06-14 15:13:28 |
Eduardo Barretto |
spip (Ubuntu Bionic): assignee |
|
Eduardo Barretto (ebarretto) |
|
2022-06-14 15:13:31 |
Eduardo Barretto |
spip (Ubuntu Impish): assignee |
|
Eduardo Barretto (ebarretto) |
|
2022-06-14 15:13:35 |
Eduardo Barretto |
spip (Ubuntu Bionic): status |
New |
In Progress |
|
2022-06-14 15:13:39 |
Eduardo Barretto |
spip (Ubuntu Impish): status |
New |
In Progress |
|
2022-06-14 21:47:48 |
Luís Infante da Câmara |
description |
(The vulnerabilities in Focal and Jammy, along with other bugs, are being fixed through the Stable Release Update process in bug #1978555)
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
Please backport the versions in Debian buster and bullseye. |
(The vulnerabilities in Focal and Jammy, along with other bugs, are being fixed through the Stable Release Update process in bug #1978555)
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
Please backport the versions in Debian buster and bullseye. |
|
2022-06-16 15:05:25 |
Launchpad Janitor |
spip (Ubuntu Bionic): status |
In Progress |
Fix Released |
|
2022-06-16 15:17:10 |
Eduardo Barretto |
spip (Ubuntu Impish): status |
In Progress |
Fix Released |
|
2022-06-19 16:41:45 |
Luís Infante da Câmara |
spip (Ubuntu): assignee |
Luís Cunha dos Reis Infante da Câmara (luis220413) |
|
|
2022-06-19 16:41:47 |
Luís Infante da Câmara |
spip (Ubuntu): status |
In Progress |
Fix Released |
|