DSA-5325-1

Source
https://storage.googleapis.com/debian-osv/dsa-osv/DSA-5325-1.json
Published
2023-01-24T00:00:00Z
Modified
2023-01-25T19:07:49.821523Z
Details

It was discovered that SPIP, a website engine for publishing, would allow a malicious user to SQL injection attacks, or bypass authorization access.

For the stable distribution (bullseye), this problem has been fixed in version 3.2.11-3+deb11u6.

We recommend that you upgrade your spip packages.

For the detailed security status of spip please refer to its security tracker page at: \ https://security-tracker.debian.org/tracker/spip

References

Affected packages

Debian:11 / spip

spip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
3.2.11-3+deb11u6

Affected versions

3.*

3.2.11-3
3.2.11-3+deb11u1
3.2.11-3+deb11u2
3.2.11-3+deb11u3
3.2.11-3+deb11u4
3.2.11-3+deb11u5