[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
Luís Cunha dos Reis Infante da Câmara
1971185 at bugs.launchpad.net
Tue Jun 14 10:08:52 UTC 2022
Please do so for Impish and also publish a patched package for Bionic.
For Focal and Jammy, I have opened bug #1978555.
** Description changed:
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846
and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122, CVE-2021-44123I, CVE-2022-26846 and
CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120,
CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in
Debian buster.
-
- To fix the vulnerabilities in Focal, Impish and Jammy, I want to upgrade to new upstream maintenance and security releases (3.2.15 for Focal and Impish and 4.0.7 for Jammy).
- The only additional change is to override Lintian errors.
-
- Debian released an advisory on March 8.
-
- [Test Plan]
- For each combination of Ubuntu release and CVE that affects the package in that release, test that the CVE cannot be exploited with the updated package.
-
- [Where problems could occur]
- There are no reverse dependencies in Ubuntu. However, the upstream bug fixes can cause regressions in software outside of the Ubuntu archive.
-
- The Files-Excluded field in debian/copyright can be incorrect for the
- new upstream releases, excluding or including files that should not be,
- possibly leading to a nonfunctional SPIP or introducing other bugs.
** Summary changed:
- Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
+ Multiple vulnerabilities in Bionic and Impish
** Description changed:
+ (The vulnerabilities in Focal and Jammy, along with other bugs, are
+ being fixed through the Stable Release Update process in bug #1978555).
+
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846
and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122, CVE-2021-44123I, CVE-2022-26846 and
CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120,
CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in
Debian buster.
** Description changed:
(The vulnerabilities in Focal and Jammy, along with other bugs, are
- being fixed through the Stable Release Update process in bug #1978555).
+ being fixed through the Stable Release Update process in bug #1978555)
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846
and CVE-2022-26847.
The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118,
CVE-2021-44120, CVE-2021-44122, CVE-2021-44123I, CVE-2022-26846 and
CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120,
CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
To fix the vulnerabilities in Bionic, I want to backport the version in
Debian buster.
** Description changed:
(The vulnerabilities in Focal and Jammy, along with other bugs, are
being fixed through the Stable Release Update process in bug #1978555)
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846
and CVE-2022-26847.
- The version in Focal is vulnerable to CVE-2020-28984, CVE-2021-44118,
- CVE-2021-44120, CVE-2021-44122, CVE-2021-44123I, CVE-2022-26846 and
- CVE-2022-26847.
-
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120,
CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
- The version in Jammy is vulnerable to CVE-2022-26846 and CVE-2022-26847.
-
- To fix the vulnerabilities in Bionic, I want to backport the version in
- Debian buster.
+ Please backport the version in Debian buster.
** Description changed:
(The vulnerabilities in Focal and Jammy, along with other bugs, are
being fixed through the Stable Release Update process in bug #1978555)
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846
and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120,
CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
- Please backport the version in Debian buster.
+ Please backport the versions in Debian buster and bullseye.
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1971185
Title:
Multiple vulnerabilities in Bionic and Impish
Status in spip package in Ubuntu:
In Progress
Bug description:
(The vulnerabilities in Focal and Jammy, along with other bugs, are
being fixed through the Stable Release Update process in bug #1978555)
The version in Bionic is vulnerable to CVE-2020-28984, CVE-2022-26846
and CVE-2022-26847.
The version in Impish is vulnerable to CVE-2021-44118, CVE-2021-44120,
CVE-2021-44122, CVE-2021-44123 and CVE-2022-26847.
Please backport the versions in Debian buster and bullseye.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions
More information about the Ubuntu-sponsors
mailing list