[Git][security-tracker-team/security-tracker][master] Add CVE-2021-44120/spip
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 27 23:07:28 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6b895fac by Salvatore Bonaccorso at 2022-01-28T00:06:59+01:00
Add CVE-2021-44120/spip
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -12606,7 +12606,9 @@ CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vu
CVE-2021-44121
REJECTED
CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...)
- TODO: check
+ - spip 3.2.12-1
+ NOTE: https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81
+ NOTE: https://git.spip.net/spip/spip/commit/361cc26080d1377bc55d2cb80736e5cfaf5fd242 (v3.2.12)
CVE-2021-44119
RESERVED
CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ...)
=====================================
data/DLA/list
=====================================
@@ -110,7 +110,7 @@
[29 Dec 2021] DLA-2857-2 postgis - regression update
[stretch] - postgis 2.3.1+dfsg-2+deb9u2
[29 Dec 2021] DLA-2867-1 spip - security update
- {CVE-2021-44122}
+ {CVE-2021-44120 CVE-2021-44122}
[stretch] - spip 3.1.4-4~deb9u4+deb9u2
[29 Dec 2021] DLA-2866-1 uw-imap - security update
{CVE-2018-19518}
=====================================
data/DSA/list
=====================================
@@ -128,7 +128,7 @@
[buster] - sogo 4.0.7-1+deb10u2
[bullseye] - sogo 5.0.1-4+deb11u1
[22 Dec 2021] DSA-5028-1 spip - security update
- {CVE-2021-44122}
+ {CVE-2021-44120 CVE-2021-44122}
[buster] - spip 3.2.4-1+deb10u5
[bullseye] - spip 3.2.11-3+deb11u1
[21 Dec 2021] DSA-5027-1 xorg-server - security update
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b895fac132f7dc2ea3aafc4ece397e2750dc621
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b895fac132f7dc2ea3aafc4ece397e2750dc621
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220127/48bd7967/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list