[ubuntu/bionic-updates] spip 3.1.4-4~deb9u5build0.18.04.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Jun 16 15:28:13 UTC 2022 

spip (3.1.4-4~deb9u5build0.18.04.1) bionic-security; urgency=medium

  * fake sync from Debian to fix CVE-2020-28984, CVE-2022-26846 and
    CVE-2022-26847 (LP: #1971185).

spip (3.1.4-4~deb9u5) stretch-security; urgency=medium

  * Non-maintainer upload.
  * Switch back to a sane version number.
  * Add missing dependency on php-xml.
  * Recommend php-gd.
  * Fix security issues, backported from buster:
  * XSS:
    - 0049-Verifier-qu-on-a-bien-le-droit-de-modifier-le-login-.patch
    - 0050-appliquer-rawurlencode-aussi-sur-les-tableaux-qu-on-.patch
  * CVE-2022-26846, CVE-2022-26847:
    - 0022-Utilisation-des-fonctions-de-sanitization-sur-galeri.patch
      + prerequisite.
    - 0051-D-pr-cier-et-s-curiser-l-insertion-d-une-galerie-dan.patch
      + Don't use nullable types, not available in PHP 7.0 in stretch.

spip (3.1.4-4~deb9u4+deb9u2) stretch-security; urgency=high

  * Non-maintainer upload by the LTS Security Team.
  * Backport security fixes from 3.2.12
    - SQL injections, remote code execution, XSS
  * Fix Articles and Sections editing screens in admin area, which got broken in
    previous upload.
  * Fix user Preferences screen, which got broken in 3.1.4-4~deb9u4.

spip (3.1.4-4~deb9u4+deb9u1) stretch-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * Fix TEMP-0000000-803658

spip (3.1.4-4~deb9u4) stretch-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * Fix CVE-2020-28984: did not correctly validate he couleur,
    display, display_navigation, display_outils, imessage, and
    spip_ecran parameters.

Date: 2022-06-15 12:52:11.743569+00:00
Changed-By: Luís Cunha dos Reis Infante da Câmara <luis.infante.da.camara at tecnico.ulisboa.pt>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/spip/3.1.4-4~deb9u5build0.18.04.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list