[SECURITY] [DSA 6296-1] spip security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6296-1] spip security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 25 May 2026 15:12:28 +0000
Message-id: <E1wRWyi-00000003Alf-35uj@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-6296-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 25, 2026                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : spip
CVE ID         : CVE-2026-8429 CVE-2026-8430 CVE-2026-48832

Multiple vulnerabilities were discovered in SPIP, a website engine for
publishing, which may result in remote code execution or an open redirect.

For the stable distribution (trixie), these problems have been fixed in
version 4.4.15+dfsg-0+deb13u1.

We recommend that you upgrade your spip packages.

For the detailed security status of spip please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/spip

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Multiple vulnerabilities in the SPIP website engine, including CVE-2026-8429 (CVSS 8.8) and CVE-2026-8430 (CVSS 8.1), could lead to remote code execution or open redirect attacks. For Debian's stable distribution (trixie), these issues are resolved in SPIP version 4.4.15+dfsg-0+deb13u1. Users are advised to upgrade their `spip` packages immediately.
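
An added example, not part of the advisory or of Debian's tooling: a Python sketch of Debian version ordering, used to flag trixie hosts whose spip package sorts below the fixed version 4.4.15+dfsg-0+deb13u1. The host names and installed versions in the inventory are constructed, and the check assumes every host runs trixie, the only release for which the advisory gives a fixed version.

```python
import re

FIXED = "4.4.15+dfsg-0+deb13u1"  # fixed spip version for trixie, from the advisory

def _order(ch):
    """Weight of one character in a non-digit run (dpkg ordering)."""
    if ch == "~":
        return -1                      # tilde sorts before everything, even end of string
    if ch == "" or ch.isdecimal():
        return 0                       # end of the non-digit run
    return ord(ch) if ch.isalpha() else ord(ch) + 256   # letters before symbols

def _cmp_part(a, b):
    """Compare two upstream or revision strings; returns <0, 0 or >0."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdecimal()) or (j < len(b) and not b[j].isdecimal()):
            wa = _order(a[i] if i < len(a) else "")
            wb = _order(b[j] if j < len(b) else "")
            if wa != wb:
                return wa - wb
            i, j = i + 1, j + 1
        da = re.match(r"\d*", a[i:]).group()   # digit runs compare numerically
        db = re.match(r"\d*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        i, j = i + len(da), j + len(db)
    return 0

def _parse(version):
    """Split [epoch:]upstream[-revision]; a missing revision counts as 0."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "0")
    return int(epoch), upstream, revision

def compare(a, b):
    """Order two Debian version strings: epoch, then upstream, then revision."""
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory):
    """Return hosts whose spip version sorts below the fixed version."""
    return sorted(h for h, v in inventory.items() if compare(v, FIXED) < 0)

# Constructed sample inventory (hypothetical host names and versions).
INVENTORY = {
    "web1": "4.4.15+dfsg-0+deb13u1",        # the fixed version
    "web2": "4.4.9+dfsg-1",                 # sorts after 4.4.15 as a plain string, but is older
    "web3": "4.4.15+dfsg-0+deb13u1~test1",  # tilde suffix sorts before the fix
    "web4": "4.4.16+dfsg-1",                # newer upstream
}

if __name__ == "__main__":
    print(unpatched(INVENTORY))
```

On a Debian host itself, `dpkg --compare-versions <installed> lt 4.4.15+dfsg-0+deb13u1` performs the same comparison with dpkg's own implementation.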