Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.announce.security > #4739

[SECURITY] [DSA 6174-1] spip security update

From Salvatore Bonaccorso <carnil@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6174-1] spip security update
Date 2026-03-22 10:50 +0100
Message-ID <MBnBv-9pEB-5@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6174-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 22, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : spip
CVE ID         : CVE-2026-33549

Jul Blobul discovered that SPIP, a website engine for publishing, is
prone to a privilege escalation vulnerability.

For the stable distribution (trixie), this problem has been fixed in
version 4.4.13+dfsg-0+deb13u1.

We recommend that you upgrade your spip packages.

For the detailed security status of spip please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/spip

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmm/uKtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QzLg/9GEAUj9NuDK9+ArZcYFAG3bCsdmjLReylAOYf+nJlugtMiG/jbAQhm4Ik
RDFwLItfRdpMiq6H0yz1GAGu0ccx2CGxvibIyUhd0zapn/0GKc9ZoiRNzS6a7DyL
eKk140HSsW17hMfDifOXKmYdQ1ILBCXRygcwERaXMsnjupKGv5bkxenwpEYqu7/z
shsbJBICh78+3pVa9xZ/rxbXmONd5sADnjBnIfjRvHnhwCmfTP/MxRaJ/496Ri+M
RKeI+tAJ3REkk+ks0pigE3sHVzrI6eIfbX/WMkVhUanEQiU9MjdPJYCBcmxzLMGc
36VRt6HsrWOieJToM9dYF/ho0ovXTFg386FTV3BsOZllmAVCLc7dgGYQV2xARrpC
h1+ztJWrzRO8WzA4UwAl9BHGm+Xm+/pjBjbzrp4wR0uLvq0V056KWVP+XR+UTwtq
Qgil/3VwpnjOdW8FBHimjH9naU+CPq+VHnzfpqE3HDSgkBGF2JP/fXOVhUyyJKhT
8HtdHn0ZTG7cfOgu0/mblLEkdUKbsE1xUPK6RzCUIvE/4z+1P/8ko6ailBzIUFct
5Ru1Ez18GAGWxbGfJAHKUy7Ffw/MzHxbv00Z/fl5H1s1yYPZRNfTG5cVUl0v2xpP
Ls9eG1o9B096oxRrNC7l7RYbuyFTEBcndGVPF+ifhvuR6XIN1J4=
=xqU0
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6174-1] spip security update Salvatore Bonaccorso <carnil@debian.org> - 2026-03-22 10:50 +0100

csiph-web