Security Information / 2011 / Security Information -- DSA-2349-1 spip

Debian Security Advisory

DSA-2349-1 spip -- several vulnerabilities

Date Reported:

19 Nov 2011

Affected Packages:

spip

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

Two vulnerabilities have been found in SPIP, a website engine for publishing, which allow privilege escalation to site administrator privileges and cross-site scripting.

The oldstable distribution (lenny) doesn't include spip.

For the stable distribution (squeeze), this problem has been fixed in version 2.1.1-3squeeze2.

For the unstable distribution (sid), this problem has been fixed in version 2.1.12-1.

We recommend that you upgrade your spip packages.