Information on source package spip

Available versions

ReleaseVersion
wheezy2.1.17-1+deb7u5
wheezy (security)2.1.17-1+deb7u8
jessie3.0.17-2+deb8u3
jessie (security)3.0.17-2+deb8u2
stretch (security)3.1.4-3~deb9u1
buster3.1.4-3
sid3.1.4-3

Open issues

BugwheezyjessiestretchbustersidDescription
CVE-2017-15736fixedvulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableCross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 ...

Resolved issues

BugDescription
TEMP-0683667-E2E855base name disclosure
TEMP-0672961-92221Ctwo XSS
TEMP-0649113-869F0Dspip XSS
TEMP-0649113-5F7BC7spip privilege escalation
TEMP-0646758-12F1BDspip path disclosure
TEMP-0609212-CA8607multiple spip issues
TEMP-0000000-42228Bspip DoS
CVE-2017-9736SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell ...
CVE-2016-9998SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability ...
CVE-2016-9997SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ...
CVE-2016-9152Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ...
CVE-2016-7999ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote ...
CVE-2016-7998The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows ...
CVE-2016-7982Directory traversal vulnerability in ecrire/exec/valider_xml.php in ...
CVE-2016-7981Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP ...
CVE-2016-7980Cross-site request forgery (CSRF) vulnerability in ...
CVE-2016-3154The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP ...
CVE-2016-3153SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 ...
CVE-2013-7303Multiple cross-site scripting (XSS) vulnerabilities in (1) ...
CVE-2013-4557The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 ...
CVE-2013-4556Cross-site scripting (XSS) vulnerability in the author page ...
CVE-2013-4555Cross-site request forgery (CSRF) vulnerability in ...
CVE-2013-2118SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 ...
CVE-2012-4331Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x ...
CVE-2012-2151Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x ...
CVE-2009-3041SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper ...
CVE-2008-5813SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before ...
CVE-2008-5812Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 ...
CVE-2007-4525** DISPUTED ** ...
CVE-2006-1702PHP remote file inclusion vulnerability in spip_login.php3 in SPIP ...
CVE-2006-1295Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP ...
CVE-2006-0626SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and ...
CVE-2006-0625Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and ...
CVE-2006-0519SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows ...
CVE-2006-0518Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...
CVE-2006-0517Multiple SQL injection vulnerabilities in ...
CVE-2005-4494Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier ...

Security announcements

DSA / DLADescription
DSA-3890-1spip - security update
DLA-760-1spip - security update
DLA-738-1spip - security update
DLA-695-1spip - security update
DSA-3518-1spip - security update
DSA-3518-1spip - security update
DSA-2794-1spip - several
DSA-2794-1spip - several
DSA-2694-1spip - privilege escalation
DSA-2694-1spip - privilege escalation
DSA-2461-1spip - several
DSA-2349-1spip - several
DSA-2229-1spip - programming error

Search for package or bug name: Reporting problems