TEMP-0000000-1B6797

Name: TEMP-0000000-1B6797
Description: several SQL injection, remote code execution, XSS issues
Source: Automatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| spip (PTS) | stretch | 3.1.4-4~deb9u3 | vulnerable |
| | stretch (security) | 3.1.4-4~deb9u4+deb9u2 | fixed |
| | buster | 3.2.4-1+deb10u4 | vulnerable |
| | buster (security) | 3.2.4-1+deb10u5 | fixed |
| | bullseye | 3.2.11-3 | vulnerable |
| | bullseye (security) | 3.2.11-3+deb11u1 | fixed |
| | sid | 3.2.12-1 | fixed |

The information below is based on the following data on fixed versions.

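| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| spip | source | stretch | 3.1.4-4~deb9u4+deb9u2 | | | |
| spip | source | buster | 3.2.4-1+deb10u5 | | | |
| spip | source | bullseye | 3.2.11-3+deb11u1 | | | |
| spip | source | (unstable) | 3.2.12-1 | | | |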

Notes

For the collection of issues fixed in DSA 5028-1
https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html
