Control: fixed -1 4.1.9+dfsg-1+deb12u4

From https://sources.debian.org/src/spip/4.1.9%2Bdfsg-1%2Bdeb12u4/debian/changelog/

spip (4.1.9+dfsg-1+deb12u4) bookworm; urgency=medium

  * Backport security fix from 4.1.15
    - fix XSS in uploaded files using bigup

 -- David Prévot <taf...@debian.org>  Fri, 12 Jan 2024 13:42:36 +0100

spip (4.1.9+dfsg-1+deb12u3) bookworm; urgency=medium

  * Backport security fix from 4.1.13
    - fix XSS when calling some templates

 -- David Prévot <taf...@debian.org>  Thu, 21 Dec 2023 19:24:13 +0100

The 4.1.13 backport was part of 4.1.9+dfsg-1+deb12u3, but it seems it was not uploaded.

On Fri, 22 Dec 2023 16:57:40 +0100 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: spip
> Version: 4.1.12+dfsg-1
> Severity: important
> Tags: security upstream
> X-Debbugs-Cc: car...@debian.org, Debian Security Team
> <t...@security.debian.org>
> Control: fixed -1 4.1.13+dfsg-1
> Control: found -1 4.1.9+dfsg-1+deb12u2
> Control: found -1 3.2.11-3+deb11u9
>
> Filing a bug for tracking (as otherwise being an unspecified TEMP
> entry), as the issue has no CVE: 4.1.13 fixes an issue:
>
> * fix: templates inserted in a text automatically inherit the
>   context, without the editors' knowledge. Secure anything that might
>   come from variables sent by the user
>
> https://tracker.debian.org/news/1488834/accepted-spip-4113dfsg-1-source-into-unstable/
>
> Regards,
> Salvatore