[CVE-2012-2151] spip: multiple XSS

Related Vulnerabilities: CVE-2012-2151  

Debian Bug report logs - #671264

Package: spip; Maintainer for spip is David Prévot <taffit@debian.org>; Source for spip is src:spip.

Reported by: Luciano Bello <luciano@debian.org>

Date: Wed, 2 May 2012 20:09:01 UTC

Severity: grave

Tags: security, upstream

Merged with 670110

Found in versions spip/2.1.1-3squeeze2, spip/2.1.12-1

Fixed in versions spip/2.1.1-3squeeze3, spip/2.1.13-1

Done: David Prévot <taffit@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, SPIP packaging team <spip-maintainers@lists.alioth.debian.org>:
Bug#671264; Package spip. (Wed, 02 May 2012 20:09:04 GMT)


Acknowledgement sent to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to SPIP packaging team <spip-maintainers@lists.alioth.debian.org>. (Wed, 02 May 2012 20:09:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: [CVE-2012-2151] spip: multiple XSS
Date: Wed, 2 May 2012 21:57:45 +0200
Package: spip
Severity: grave
Tags: security 

The following vulnerability has been reported against spip:
http://www.openwall.com/lists/oss-security/2012/05/01/4

Please use CVE-2012-2151 for this issue.

Cheers,
luciano




Information forwarded to debian-bugs-dist@lists.debian.org, SPIP packaging team <spip-maintainers@lists.alioth.debian.org>:
Bug#671264; Package spip. (Thu, 03 May 2012 00:03:03 GMT)


Acknowledgement sent to David Prévot <david@tilapin.org>:
Extra info received and forwarded to list. Copy sent to SPIP packaging team <spip-maintainers@lists.alioth.debian.org>. (Thu, 03 May 2012 00:03:03 GMT)


Message #10 received at 671264@bugs.debian.org:

From: David Prévot <david@tilapin.org>
To: Luciano Bello <luciano@debian.org>, 671264@bugs.debian.org, rt@rt.debian.org
Subject: [rt.debian.org #3807] Bug#671264: [CVE-2012-2151] spip: multiple XSS
Date: Wed, 02 May 2012 19:58:37 -0400

forcemerge 670110 671264
thanks

Hi Luciano

On 02/05/2012 15:57, Luciano Bello wrote:

> The following vulnerability has been reported against spip:
> http://www.openwall.com/lists/oss-security/2012/05/01/4
> 
> Please use CVE-2012-2151 for this issue.

Thanks, this has already been fixed by DSA-2461-1 in 2.1.1-3squeeze3
(and 2.1.13-1 in Sid), but we were not aware of a CVE at that time.

Can the CVE information be added to the security tracker?

Regards

David





Marked Bug as done. Request was from David Prévot <david@tilapin.org> to control@bugs.debian.org. (Thu, 03 May 2012 00:03:05 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Thu, 03 May 2012 00:03:06 GMT)


Marked as fixed in versions spip/2.1.1-3squeeze3 and spip/2.1.13-1. Request was from David Prévot <david@tilapin.org> to control@bugs.debian.org. (Thu, 03 May 2012 00:03:06 GMT)


Marked as found in versions spip/2.1.1-3squeeze2 and spip/2.1.12-1. Request was from David Prévot <david@tilapin.org> to control@bugs.debian.org. (Thu, 03 May 2012 00:03:06 GMT)


Added tag(s) upstream. Request was from David Prévot <david@tilapin.org> to control@bugs.debian.org. (Thu, 03 May 2012 00:03:07 GMT)


Merged 670110 671264. Request was from David Prévot <david@tilapin.org> to control@bugs.debian.org. (Thu, 03 May 2012 00:03:08 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 31 May 2012 07:34:21 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:08:03 2019; Machine Name: buxtehude
