TEMP-0000000-5D364E

NameTEMP-0000000-5D364E
DescriptionSQL injection, sanitization, and login bypass
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
spip (PTS)buster, buster (security)3.2.4-1+deb10u9vulnerable
bullseye3.2.11-3+deb11u5vulnerable
bullseye (security)3.2.11-3+deb11u6fixed
bookworm, sid4.1.7+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
spipsourcebullseye3.2.11-3+deb11u6
spipsource(unstable)4.1.7+dfsg-1

Notes

https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html?lang=fr
https://salsa.debian.org/debian/spip/-/commit/ce1d68694d4bb72317ff39baa67195e6b5ccaa92

Search for package or bug name: Reporting problems