spip 3.2.7-1ubuntu0.1 source package in Ubuntu
Changelog
spip (3.2.7-1ubuntu0.1) focal-security; urgency=medium * SECURITY UPDATE: Cross Site Scripting (XSS) - debian/patches/CVE-2021-44118-1.patch: validate URLs before making a copy of a remote document. - debian/patches/CVE-2021-44118-2.patch: improve and add several checks over the domain. - debian/patches/CVE-2021-44120-1.patch: fix escaping SQL function query_echappe_textes. - debian/patches/CVE-2021-44120-2.patch: simply and fix regex in query_echappe_textes. - debian/patches/CVE-2021-44120-3.patch: only escape text on the first call of _mysql_traite_query. - debian/patches/CVE-2021-44120-4.patch: protect nom_site and bio from being modified by using safehtml. - CVE-2021-44120 - CVE-2021-44118 * SECURITY UPDATE: Cross Site Request Forgery (CSRF) - debian/patches/CVE-2021-44122-1.patch: refactor and add signature to form fields. - debian/patches/CVE-2021-44122-2.patch: replace function when handling signatures. - debian/patches/CVE-2021-44122-3.patch: increment spip_version_code, needed to regenerate forms. - debian/patches/CVE-2021-44122-4.patch: fix comment, reenable deprecated function. - CVE-2021-44122 * SECURITY UPDATE: Remote code execution - debian/patches/CVE-2021-44123.patch: handle multiple file extensions and remove the ones that are not allowed. - CVE-2021-44123 -- David Fernandez Gonzalez <email address hidden> Wed, 01 Mar 2023 12:07:07 +0100
Upload details
- Uploaded by:
- David Fernandez Gonzalez
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Focal | updates | universe | web | |
Focal | security | universe | web |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
spip_3.2.7.orig.tar.xz | 5.9 MiB | 8c8c21c8d58e52546aa3211861bad6355df99f88c64951df4095e23feaf49c2c |
spip_3.2.7-1ubuntu0.1.debian.tar.xz | 76.5 KiB | af29d0fabfe1b14785acd5c479940f65361bdf8bb9c874e5a512877827863a95 |
spip_3.2.7-1ubuntu0.1.dsc | 1.9 KiB | 67d737246b0e08bbc43013f3b19bb6f7a3f9084a716d2577b3c7193e216fd23f |
Available diffs
Binary packages built by this source
- spip: website engine for publishing
SPIP is a publishing system for the Internet in which great importance
is attached to collaborative working, to multilingual environments,
and to simplicity of use for web authors.
.
SPIP's benefit consists in:
.
* managing a magazine type site i.e. made up mainly of
articles and news items inserted in an arborescence
of sections nested in each others.
* completely separating and distributing three kinds of tasks
over various players: the graphic design, the site editorial
input through the submission of articles and news items and
the site editorial management.
* spare the webmaster and all the participants to the life of
the site, a number of tedious aspects of web publishing as
well as the need to learn lengthy technical skills.
SPIP allows you to start creating your sections and
articles straight away.