Debian alert DLA-1975-1 (spip)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 1975-1] spip security update | |
| Date: | Mon, 28 Oct 2019 22:38:28 +0100 (CET) | |
| Message-ID: | <alpine.DEB.2.20.1910282236590.29267@jupiter.server.alteholz.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : spip Version : 3.0.17-2+deb8u5 CVE ID : CVE-2019-16391 CVE-2019-16392 CVE-2019-16393 CVE-2019-16394 It was discovered that SPIP, a website engine for publishing, would allow unauthenticated users to modify published content and write to the database, perform cross-site request forgeries, and enumerate registered users. For Debian 8 "Jessie", these problems have been fixed in version 3.0.17-2+deb8u5. We recommend that you upgrade your spip packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl23X9RfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEdetw/+OKjvJG/T9pgw2RH85UTbjC78fPuDbUgnvUzuiFpUMuu9E4chI+bNFFcv FFBkv6CDv7T032XI4Igiitv75sj3UOHdfny580G7dNP8czRTSy5LByacO4RuAWE5 VV/GUl/YvAAMBS2bQuzwdQCTDXA+KM9C7hcXWUZw422Qgo8lMps1m3lkE5/t9YwF DTZEj1/xc6Ad7i423UKN3wi4NV9xKnXA/5T7Rvwu/HAqqQm7aOul6PxiLNWju7HW gTj7/DvA3wbfb4lyD2zJ8O6I067Qi+aqccMCSb6EqsDrDG0Fz4a3HBXiz5y8SS02 HNK8KR4F7oXvf022nlOr6RHG0kYPr/Vs3kRZYaumOCp4v/mQcxAskSp1K51+tA+1 XLy51eHkOy3utwpdLp+84ASQU3KeQyFTWAv1t3ssOD4Yn/zfwUk8a6x6ulkvrSng k2jJrQwQPaRtlHIOO8ITGCEhA/Bkgl0Sq3hKtO1iY66KZYuo2aBpX4dTxZ36/7s/ s4YKdmOhS3DTmLzLCgH3PKRxOzMBaVTb+scPP0BTpMfTe76pl95vB6+j03P0LubE vK9xSqUD6rR7yjsjDAwg6ZJ7MhVXk6tXiqf1X8kUy66oKcXWQzzlXQcvtnK/t2Pj xTfIwE3QgweWVaxiGHk66xVcGv97TOIo9CMcPWd3+gkJpp6TqZQ= =Dlk3 -----END PGP SIGNATURE-----