[Bug 1978555] Re: [SRU] New upstream maintenance and security releases for Focal and Jammy
Robie Basak
1978555 at bugs.launchpad.net
Wed Jul 13 19:33:17 UTC 2022
** Also affects: spip (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: spip (Ubuntu Jammy)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1978555
Title:
[SRU] New upstream maintenance and security releases for Focal and
Jammy
Status in spip package in Ubuntu:
Fix Released
Status in spip source package in Focal:
New
Status in spip source package in Jammy:
New
Bug description:
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and
CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and
CVE-2022-26847.
To fix the vulnerabilities and other bugs, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and 4.0.7 for Jammy).
The only additional change is to override Lintian errors.
Debian released an advisory on March 8.
[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.
[Where problems could occur]
There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.
The Files-Excluded field in debian/copyright can be incorrect for the
new upstream releases, excluding or including files that should not
be, possibly leading to a nonfunctional SPIP or introducing other
bugs.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1978555/+subscriptions