-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : spip Version : 2.1.17-1+deb7u7 CVE ID : CVE-2016-9152 Debian Bug : 847156
It was discovered that there was a cross-site scripting (XSS) vulnerability in spip, a website publishing engine, which allowed remote attackers to inject arbitrary web script or HTML via the "rac" parameter. For Debian 7 "Wheezy", this issue has been fixed in spip version 2.1.17-1+deb7u7. We recommend that you upgrade your spip packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlhJv3wACgkQHpU+J9Qx Hlh+FQ/+PgKG4xtrnREzwnFCaBRDr0C2SasWzwCHGR/GtcCYNZhU9GZSSvpYY+Cp l+XS5iQtXjRzSG/8P/PxnB4gxoU/Jl8hlMqabpDRH9bo5Jg8ffJGytMM5sf54cBg DyzKVKd8GaxbqXxDMVdkcyjt6fuJTlTEafNYDPmRPuvGZ9NZx8egLNoojK5mElvM GVWXtbRI15A4osvNSuRRjYE3Z1mZ9KFGCyJV3Q5oMseVUbzGJ9zVLTN7LV3GoMFr At60/KnsyVwypSsDuGX3EFSieuik9ZNhVrCLMw1waSQ9tHmIktE0FVnPfrsn6hkT Hs3FiSIkBglxC4YMb8jE61G+4c0fvvg9HfFFjTY3rcoBWaxxL8Um6DvTxRiqV3Wu XERX4+J+BX/q3TiBaS6MXjSAY2jcoRR/8VQlzorQ9i+LD293gUiiJf5TYZAj6SWZ 6I7AcaRr4tP9TY1vhXlQSoqty0G7VLX4oPCZbXjvujx+wkqwMtvaa6T/QVzqEK3a B/b41nSF+NjtrYAo7/NA2hzHDhmIfcMWUAd8Q+wVBiN+F+Xmrl9w8VlGrk1vMkjS v2OARCPa8XXLbi+epcLxJZ8nzal/dO1HLq0ms+AEeyQMX8W53zUZ27Y1/gUymsmO u38S2pmKeiIKSzyaiSUUMld8e/qL98MeO5HulgKGVuLCgzUyo70= =g5Ep -----END PGP SIGNATURE-----