PublicDateAtUSN: 2019-09-17 21:15:00 UTC
Candidate: CVE-2019-16393
PublicDate: 2019-09-17 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16393
 https://core.spip.net/issues/4362
 https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1
 https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-Sortie-de-SPIP-3-2-5-et-SPIP-3-1-11.html
 https://ubuntu.com/security/notices/USN-4536-1
Description:
 SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in
 ecrire/inc/headers.php with a %0D, %0A, or %20 character.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]


Patches_spip:
 upstream: https://git.spip.net/SPIP/spip/commit/0b832408b0aabd5b94a81e261e9413c0f31a19f1
upstream_spip: released (3.2.5-1)
precise/esm_spip: DNE
trusty_spip: ignored (out of standard support)
trusty/esm_spip: DNE
xenial_spip: ignored (end of standard support, was needed)
bionic_spip: released (3.1.4-4~deb9u3build0.18.04.1)
disco_spip: ignored (reached end-of-life)
eoan_spip: ignored (reached end-of-life)
focal_spip: not-affected (3.2.5-1)
groovy_spip: not-affected (3.2.5-1)
hirsute_spip: not-affected (3.2.5-1)
impish_spip: not-affected (3.2.5-1)
jammy_spip: not-affected (3.2.5-1)
devel_spip: not-affected (3.2.5-1)