[Bug 1971185] [NEW] Multiple vulnerabilities in Bionic, Focal, Impish and Jammy

Launchpad Bug Tracker 1971185 at bugs.launchpad.net
Mon Jun 13 18:48:28 UTC 2022


*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Luís Cunha dos Reis Infante da Câmara (luis220413):

The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846
and CVE-2022-26847.

The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122, CVE-2021-44123, CVE-2022-26846 and
CVE-2022-26847.

The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120,
CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.

The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.

To fix the vulnerabilities in Bionic, I want to backport the version in
Debian buster.

To fix the vulnerabilities in Focal, Impish and Jammy, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and Impish and 4.0.7 for Jammy).
The only additional change is to override Lintian errors.

Debian released an advisory on March 8.

[Test Plan]
For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.

[Where problems could occur]
There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.

The Files-Excluded field in debian/copyright can be incorrect for the
new upstream releases, excluding or including files that should not be,
possibly leading to a nonfunctional SPIP or introducing other bugs.

** Affects: spip (Ubuntu)
     Importance: Undecided
     Assignee: Luís Cunha dos Reis Infante da Câmara (luis220413)
         Status: In Progress


** Tags: community-security patch
-- 
Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
https://bugs.launchpad.net/bugs/1971185
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.


