Bug#1059331: spip: XSS issue fixed in 4.1.13 upstream
Control: fixed -1 4.1.9+dfsg-1+deb12u4

From https://sources.debian.org/src/spip/4.1.9%2Bdfsg-1%2Bdeb12u4/debian/changelog/

spip (4.1.9+dfsg-1+deb12u4) bookworm; urgency=medium

  * Backport security fix from 4.1.15
    - fix XSS in uploaded files using bigup

 -- David Prévot  Fri, 12 Jan 2024 13:42:36 +0100

spip (4.1.9+dfsg-1+deb12u3) bookworm; urgency=medium

  * Backport security fix from 4.1.13
    - fix XSS when calling some templates

 -- David Prévot  Thu, 21 Dec 2023 19:24:13 +0100

The 4.1.13 backport was part of 4.1.9+dfsg-1+deb12u3, but it seems it was not uploaded.

On Fri, 22 Dec 2023 16:57:40 +0100 Salvatore Bonaccorso wrote:
> Source: spip
> Version: 4.1.12+dfsg-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
> Control: fixed -1 4.1.13+dfsg-1
> Control: found -1 4.1.9+dfsg-1+deb12u2
> Control: found -1 3.2.11-3+deb11u9
>
> Filing a bug for tracking (as otherwise being an unspecified TEMP
> entry), as the issue has no CVE: 4.1.13 fixes an issue:
>
> * fix: templates inserted into a text automatically inherit the
>   context, without the editors' knowledge. Secure whatever would come
>   from variables sent by the user
>
> https://tracker.debian.org/news/1488834/accepted-spip-4113dfsg-1-source-into-unstable/
>
> Regards,
> Salvatore
Bug#1059331: spip: XSS issue fixed in 4.1.13 upstream
Control: fixed -1 3.2.11-3+deb11u10

https://tracker.debian.org/news/1500839/accepted-spip-3211-3deb11u10-source-into-oldstable-proposed-updates/

On Fri, 22 Dec 2023 16:57:40 +0100 Salvatore Bonaccorso wrote:
> Source: spip
> Version: 4.1.12+dfsg-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
>
> Control: fixed -1 4.1.13+dfsg-1
> Control: found -1 4.1.9+dfsg-1+deb12u2
> Control: found -1 3.2.11-3+deb11u9
>
> Filing a bug for tracking (as otherwise being an unspecified TEMP
> entry), as the issue has no CVE: 4.1.13 fixes an issue:
>
> * fix: templates inserted into a text automatically inherit the
>   context, without the editors' knowledge. Secure whatever would come
>   from variables sent by the user
>
> https://tracker.debian.org/news/1488834/accepted-spip-4113dfsg-1-source-into-unstable/
>
> Regards,
> Salvatore
Bug#1059331: spip: XSS issue fixed in 4.1.13 upstream
Source: spip
Version: 4.1.12+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team

Control: fixed -1 4.1.13+dfsg-1
Control: found -1 4.1.9+dfsg-1+deb12u2
Control: found -1 3.2.11-3+deb11u9

Filing a bug for tracking (as otherwise being an unspecified TEMP
entry), as the issue has no CVE: 4.1.13 fixes an issue:

* fix: templates inserted into a text automatically inherit the
  context, without the editors' knowledge. Secure whatever would come
  from variables sent by the user

https://tracker.debian.org/news/1488834/accepted-spip-4113dfsg-1-source-into-unstable/

Regards,
Salvatore