Source: spip
Version: 3.1.4-2
Severity: grave
Tags: security upstream
Justification: user security hole
Control: fixed -1 3.1.4-2

As per
https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta?var_zapl=non

> A CRITICAL flaw was discovered recently in SPIP, allowing the
> execution of arbitrary code.
>
> It affects SPIP 3.1.x and 3.2 versions (alpha & beta), and impacts all
> websites using these versions.
> SPIP 3.0.x and earlier versions are not affected by this issue.
>
> It is imperative to update your SPIP website as soon as possible.
>
> In the meantime, the security screen version 1.3.2 will block possible
> exploitations of the vulnerability. Updating the security screen
> remains a transitional measure that should not prevent you from
> updating SPIP as soon as possible.
>
> The team thanks Emeric Boit and ANSSI for identifying and reporting
> the issue.

and since there is no CVE to track the issue, filing the bug in the BTS
even though already fixed in unstable.

Regards,
Salvatore