spip 3.2.7-1ubuntu0.1 source package in Ubuntu

Changelog

spip (3.2.7-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Cross Site Scripting (XSS)
    - debian/patches/CVE-2021-44118-1.patch: validate URLs
      before making a copy of a remote document.
    - debian/patches/CVE-2021-44118-2.patch: improve and
      add several checks over the domain.
    - debian/patches/CVE-2021-44120-1.patch: fix escaping
      SQL function query_echappe_textes.
    - debian/patches/CVE-2021-44120-2.patch: simplify and fix
      regex in query_echappe_textes.
    - debian/patches/CVE-2021-44120-3.patch: only escape
      text on the first call of _mysql_traite_query.
    - debian/patches/CVE-2021-44120-4.patch: protect nom_site
      and bio from being modified by using safehtml.
    - CVE-2021-44120
    - CVE-2021-44118
  * SECURITY UPDATE: Cross Site Request Forgery (CSRF)
    - debian/patches/CVE-2021-44122-1.patch: refactor and
      add signature to form fields.
    - debian/patches/CVE-2021-44122-2.patch: replace function
      when handling signatures.
    - debian/patches/CVE-2021-44122-3.patch: increment
      spip_version_code, needed to regenerate forms.
    - debian/patches/CVE-2021-44122-4.patch: fix comment,
      reenable deprecated function.
    - CVE-2021-44122
  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2021-44123.patch: handle multiple
      file extensions and remove the ones that are not allowed.
    - CVE-2021-44123

 -- David Fernandez Gonzalez <email address hidden>  Wed, 01 Mar 2023 12:07:07 +0100

Upload details

Uploaded by: David Fernandez Gonzalez
Uploaded to: Focal
Original maintainer: Ubuntu Developers
Architectures: all
Section: web
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Focal updates universe web
Focal security universe web

Builds

Focal: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
spip_3.2.7.orig.tar.xz 5.9 MiB 8c8c21c8d58e52546aa3211861bad6355df99f88c64951df4095e23feaf49c2c
spip_3.2.7-1ubuntu0.1.debian.tar.xz 76.5 KiB af29d0fabfe1b14785acd5c479940f65361bdf8bb9c874e5a512877827863a95
spip_3.2.7-1ubuntu0.1.dsc 1.9 KiB 67d737246b0e08bbc43013f3b19bb6f7a3f9084a716d2577b3c7193e216fd23f

Binary packages built by this source

spip: website engine for publishing

 SPIP is a publishing system for the Internet in which great importance
 is attached to collaborative working, to multilingual environments,
 and to simplicity of use for web authors.
 .
 SPIP's benefits consist of:
 .
  * managing a magazine-type site, i.e. one made up mainly of
    articles and news items inserted in an arborescence
    of sections nested within each other.
  * completely separating and distributing three kinds of tasks
    over various players: the graphic design, the site editorial
    input through the submission of articles and news items, and
    the site editorial management.
  * sparing the webmaster and all the participants in the life of
    the site a number of tedious aspects of web publishing as
    well as the need to learn lengthy technical skills.
    SPIP allows you to start creating your sections and
    articles straight away.