spip 3.1.4-4~deb9u5build0.18.04.1 source package in Ubuntu


spip (3.1.4-4~deb9u5build0.18.04.1) bionic-security; urgency=medium

  * fake sync from Debian to fix CVE-2020-28984, CVE-2022-26846 and
    CVE-2022-26847 (LP: #1971185).

spip (3.1.4-4~deb9u5) stretch-security; urgency=medium

  * Non-maintainer upload.
  * Switch back to a sane version number.
  * Add missing dependency on php-xml.
  * Recommend php-gd.
  * Fix security issues, backported from buster:
  * XSS:
    - 0049-Verifier-qu-on-a-bien-le-droit-de-modifier-le-login-.patch
    - 0050-appliquer-rawurlencode-aussi-sur-les-tableaux-qu-on-.patch
  * CVE-2022-26846, CVE-2022-26847:
    - 0022-Utilisation-des-fonctions-de-sanitization-sur-galeri.patch
      + prerequisite.
    - 0051-D-pr-cier-et-s-curiser-l-insertion-d-une-galerie-dan.patch
      + Don't use nullable types, not available in PHP 7.0 in stretch.

spip (3.1.4-4~deb9u4+deb9u2) stretch-security; urgency=high

  * Non-maintainer upload by the LTS Security Team.
  * Backport security fixes from 3.2.12
    - SQL injections, remote code execution, XSS
  * Fix Articles and Sections editing screens in admin area, which got broken in
    previous upload.
  * Fix user Preferences screen, which got broken in 3.1.4-4~deb9u4.

spip (3.1.4-4~deb9u4+deb9u1) stretch-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Team.
  * Fix TEMP-0000000-803658

spip (3.1.4-4~deb9u4) stretch-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * Fix CVE-2020-28984: did not correctly validate he couleur,
    display, display_navigation, display_outils, imessage, and
    spip_ecran parameters.

 -- Luís Infante da Câmara <email address hidden>  Tue, 14 Jun 2022 16:41:55 +0200

Upload details

Uploaded by:
Luís Cunha dos Reis Infante da Câmara
Sponsored by:
Eduardo Barretto
Uploaded to:
Original maintainer:
David Prevot
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates universe web
Bionic security universe web


Bionic: [FULLYBUILT] amd64


File Size SHA-256 Checksum
spip_3.1.4.orig.tar.xz 5.6 MiB 884778eca338242da714641727b9acaa8ec10a5aefeefc1dbe1d38ad379d8318
spip_3.1.4-4~deb9u5build0.18.04.1.debian.tar.xz 105.9 KiB 7346a69d17ea03b5c074c7eb0234e5542a6735699e23e3ef154394bfdc70c2b2
spip_3.1.4-4~deb9u5build0.18.04.1.dsc 1.8 KiB 0ae8e16f6f0cbfcde48156af2c2413294f8a439a8f75edf525ad501310c98657

View changes file

Binary packages built by this source

spip: website engine for publishing

 SPIP is a publishing system for the Internet in which great importance
 is attached to collaborative working, to multilingual environments,
 and to simplicity of use for web authors.
 SPIP's benefit consists in:
  * managing a magazine type site i.e. made up mainly of
    articles and news items inserted in an arborescence
    of sections nested in each others.
  * completely separating and distributing three kinds of tasks
    over various players: the graphic design, the site editorial
    input through the submission of articles and news items and
    the site editorial management.
  * spare the webmaster and all the participants to the life of
    the site, a number of tedious aspects of web publishing as
    well as the need to learn lengthy technical skills.
    SPIP allows you to start creating your sections and
    articles straight away.