| 2022-06-14 10:03:03 |
Luís Infante da Câmara |
bug |
|
|
added bug |
| 2022-06-14 10:03:12 |
Luís Infante da Câmara |
information type |
Private Security |
Public Security |
|
| 2022-06-14 10:03:48 |
Luís Infante da Câmara |
description |
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123I, CVE-2022-26846 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Focal and Jammy, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and 4.0.7 for Jammy).
The only additional change is to override Lintian errors.
Debian released an advisory on March 8.
[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.
[Where problems could occur]
There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.
The Files-Excluded field in debian/copyright can be incorrect for the new upstream releases, excluding or including files that should not be, possibly leading to a nonfunctional SPIP or introducing other bugs. |
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities and other bugs, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and 4.0.7 for Jammy).
The only additional change is to override Lintian errors.
Debian released an advisory on March 8.
[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.
[Where problems could occur]
There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.
The Files-Excluded field in debian/copyright can be incorrect for the new upstream releases, excluding or including files that should not be, possibly leading to a nonfunctional SPIP or introducing other bugs. |
|
| 2022-06-14 10:03:53 |
Luís Infante da Câmara |
cve linked |
|
2020-28984 |
|
| 2022-06-14 10:03:59 |
Luís Infante da Câmara |
cve linked |
|
2021-44118 |
|
| 2022-06-14 10:04:06 |
Luís Infante da Câmara |
cve linked |
|
2021-44120 |
|
| 2022-06-14 10:04:16 |
Luís Infante da Câmara |
cve linked |
|
2021-44122 |
|
| 2022-06-14 10:04:23 |
Luís Infante da Câmara |
cve linked |
|
2021-44123 |
|
| 2022-06-14 10:04:38 |
Luís Infante da Câmara |
cve linked |
|
2022-26846 |
|
| 2022-06-14 10:04:48 |
Luís Infante da Câmara |
cve linked |
|
2022-26847 |
|
| 2022-06-14 10:14:49 |
Luís Infante da Câmara |
attachment added |
|
spip_focal.debdiff https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1978555/+attachment/5597219/+files/spip_focal.debdiff |
|
| 2022-06-14 10:16:51 |
Luís Infante da Câmara |
attachment added |
|
spip_jammy.debdiff https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1978555/+attachment/5597220/+files/spip_jammy.debdiff |
|
| 2022-06-14 10:16:59 |
Luís Infante da Câmara |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
| 2022-06-14 16:52:26 |
Steve Beattie |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
| 2022-06-26 08:55:24 |
Mathew Hodson |
spip (Ubuntu): importance |
Undecided |
Medium |
|
| 2022-07-13 13:29:37 |
Eduardo Barretto |
summary |
New upstream maintenance and security releases for Focal and Jammy |
[SRU] New upstream maintenance and security releases for Focal and Jammy |
|
| 2022-07-13 19:33:17 |
Robie Basak |
nominated for series |
|
Ubuntu Focal |
|
| 2022-07-13 19:33:17 |
Robie Basak |
bug task added |
|
spip (Ubuntu Focal) |
|
| 2022-07-13 19:33:17 |
Robie Basak |
nominated for series |
|
Ubuntu Jammy |
|
| 2022-07-13 19:33:17 |
Robie Basak |
bug task added |
|
spip (Ubuntu Jammy) |
|
| 2022-07-13 19:33:48 |
Luís Infante da Câmara |
spip (Ubuntu): status |
New |
Fix Released |
|
| 2023-02-09 13:09:15 |
Marc Deslauriers |
removed subscriber Ubuntu Security Sponsors Team |
|
|
|
| 2023-02-09 13:09:17 |
Marc Deslauriers |
removed subscriber Ubuntu Sponsors Team |
|
|
|
| 2023-09-01 18:56:54 |
Luís Infante da Câmara |
summary |
[SRU] New upstream maintenance and security releases for Focal and Jammy |
Multiple vulnerabilities in Focal and Jammy |
|
| 2023-09-01 18:57:21 |
Luís Infante da Câmara |
description |
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118, CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities and other bugs, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and 4.0.7 for Jammy).
The only additional change is to override Lintian errors.
Debian released an advisory on March 8.
[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.
[Where problems could occur]
There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.
The Files-Excluded field in debian/copyright can be incorrect for the new upstream releases, excluding or including files that should not be, possibly leading to a nonfunctional SPIP or introducing other bugs. |
The version in Focal is vulnerable to CVE-2020-28984, CVE-2022-26846 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847. |
|
| 2023-09-01 18:57:25 |
Luís Infante da Câmara |
cve unlinked |
2021-44118 |
|
|
| 2023-09-01 18:57:33 |
Luís Infante da Câmara |
cve unlinked |
2021-44120 |
|
|
| 2023-09-01 18:57:37 |
Luís Infante da Câmara |
cve unlinked |
2021-44122 |
|
|
| 2023-09-01 18:57:40 |
Luís Infante da Câmara |
cve unlinked |
2021-44123 |
|
|
