UbuntuUpdates.org

Package "spip"

Name: spip

Description: website engine for publishing

Latest version: 4.3.1+dfsg-1ubuntu0.1
Release: oracular (24.10)
Level: updates
Repository: universe
Homepage: https://www.spip.net/

Other versions of "spip" in Oracular

Repository  Area      Version
base        universe  4.3.1+dfsg-1
security    universe  4.3.1+dfsg-1ubuntu0.1

Changelog

Version: 4.3.1+dfsg-1ubuntu0.1 2025-03-04 03:06:51 UTC

  spip (4.3.1+dfsg-1ubuntu0.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Cross site scripting
    - debian/patches/CVE-2022-23638.patch: Refactor sanitization code
    - CVE-2022-23638
  * SECURITY UPDATE: Command injection
    - debian/patches/CVE-2024-8517.patch: Add check to remove invalid
      keys from _FILES array
    - CVE-2024-8517

 -- Bruce Cable <email address hidden> Tue, 18 Feb 2025 15:01:37 +1100

CVE-2022-23638 svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to v
CVE-2024-8517 SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary opera


