Source: spip Version: 3.1.3-1 Severity: important Tags: security upstream patch
Hi, the following vulnerabilities were published for spip. CVE-2016-9997[0]: 'id' parameter in '/ecrire/exec/puce_statut.php' XSS CVE-2016-9998[1]: 'plugin' parameter in '/ecrire/exec/info_plugin.php' XSS If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-9997 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9997 [1] https://security-tracker.debian.org/tracker/CVE-2016-9998 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9998 Please adjust the affected versions in the BTS as needed. Only sid's version has been doublechecked so far. Regards, Salvatore -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
