TEMP-0000000-803658

NameTEMP-0000000-803658
Descriptionseveral security fixes: PHP injections, XSS and secrets stored in session file
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
spip (PTS)jessie, jessie (lts)3.0.17-2+deb8u5vulnerable
stretch (security), stretch (lts), stretch3.1.4-4~deb9u5fixed
buster (security), buster, buster (lts)3.2.4-1+deb10u13fixed
bullseye3.2.11-3+deb11u10fixed
bullseye (security)3.2.11-3+deb11u7fixed
sid, trixie4.3.4+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
spipsourcejessie(unfixed)end-of-life
spipsourcestretch3.1.4-4~deb9u4+deb9u1
spipsourcebuster3.2.4-1+deb10u4
spipsource(unstable)3.2.9-1

Search for package or bug name: Reporting problems