[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
Hello Luís, 4.5MB feels pretty unlikely for a security fix; the diffstat on that debdiff is all over the place: $ diffstat spip_focal.debdiff /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-audio-ogg.swf |binary /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-audio.swf |binary /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-video-hls.swf |binary /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-video-mdash.swf |binary /tmp/9oDFeUYni8/spip-3.2.15/plugins-dist/medias/lib/mejs/mediaelement-flash-video.swf |binary spip-3.2.15/.gitignore | 129 spip-3.2.15/CHANGELOG.TXT | 318 + spip-3.2.15/config/ecran_securite.php | 23 ... Normally security fixes add patches to debian/patches/ directory, modify a debian/patches/series file, modifies the debian/changelog. It's very rare to modify files outside of this hierarchy (except for 'native packages', but those don't typically have version numbers this complex). Could you double-check that you've prepared the patches that you thought you prepared? Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
** Patch added: "spip_jammy.debdiff" https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594136/+files/spip_jammy.debdiff ** Changed in: spip (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
** Patch added: "spip_impish.debdiff" https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594134/+files/spip_impish.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
** Patch added: "spip_focal.debdiff" https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594133/+files/spip_focal.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
The attachment "spip_bionic.debdiff" seems to be a debdiff. The ubuntu- sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
SPIP 3.1 is no longer maintained upstream and Debian has not released fixes for CVE-2022-28959, CVE-2022-28960 and CVE-2022-28961 in Stretch. Therefore, I am not patching these CVEs in Bionic. ** Changed in: spip (Ubuntu) Status: New => In Progress ** Changed in: spip (Ubuntu) Assignee: (unassigned) => Luís Cunha dos Reis Infante da Câmara (luis220413) ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28959 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28960 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-28961 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1971185] Re: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy
** Patch added: "spip_bionic.debdiff" https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+attachment/5594128/+files/spip_bionic.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971185 Title: Multiple vulnerabilities in Bionic, Focal, Impish and Jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spip/+bug/1971185/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs