SPIP 3.1 is no longer maintained upstream and Debian has not released fixes for CVE-2022-28959, CVE-2022-28960 and CVE-2022-28961 in Stretch. Therefore, I am not patching these CVEs in Bionic.
** Changed in: spip (Ubuntu) Status: New => In Progress ** Changed in: spip (Ubuntu) Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara (luis220413) ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28959 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28960 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28961 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs