Debian Package Tracker

pluxml

light blog/CMS engine powered by XML

general
  • source: pluxml (main)
  • version: 5.6-1
  • maintainer: Tanguy Ortolo (DMD)
  • arch: all
  • std-ver: 4.1.3
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 5.5-2
  • oldstable: 5.6-1
  • unstable: 5.6-1
versioned links
  • 5.5-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 5.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • pluxml (1 bugs: 0, 1, 0, 0)
action needed
12 security issues in stretch (severity: high)

There are 12 open security issues in stretch.

9 important issues:
  • CVE-2007-3432: Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
  • CVE-2007-3542: Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
  • CVE-2012-4674: PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
  • CVE-2012-4675: Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update.
  • CVE-2022-24585: A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
  • CVE-2022-24586: A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
  • CVE-2022-24587: A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
  • CVE-2022-25018: Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
  • CVE-2022-25020: A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
3 issues postponed or untriaged:
  • CVE-2021-38602: (needs triaging) PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
  • CVE-2021-38603: (needs triaging) PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
  • CVE-2017-1001001: (needs triaging) PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.
Created: 2022-02-16 Last update: 2022-03-25 20:00
11 security issues in sid (severity: high)

There are 11 open security issues in sid.

11 important issues:
  • CVE-2007-3432: Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
  • CVE-2007-3542: Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
  • CVE-2012-4674: PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
  • CVE-2012-4675: Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update.
  • CVE-2021-38602: PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
  • CVE-2021-38603: PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
  • CVE-2022-24585: A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
  • CVE-2022-24586: A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
  • CVE-2022-24587: A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
  • CVE-2022-25018: Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
  • CVE-2022-25020: A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
Created: 2021-08-13 Last update: 2022-03-25 20:00
11 security issues in buster (severity: high)

There are 11 open security issues in buster.

9 important issues:
  • CVE-2007-3432: Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
  • CVE-2007-3542: Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
  • CVE-2012-4674: PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
  • CVE-2012-4675: Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update.
  • CVE-2022-24585: A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.
  • CVE-2022-24586: A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.
  • CVE-2022-24587: A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.
  • CVE-2022-25018: Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.
  • CVE-2022-25020: A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.
2 ignored issues:
  • CVE-2021-38602: PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
  • CVE-2021-38603: PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
Created: 2021-08-13 Last update: 2022-03-25 20:00
lintian reports 4 errors and 2 warnings (severity: high)
Lintian reports 4 errors and 2 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2020-09-21 Last update: 2022-01-01 04:34
The package has not entered testing even though the delay is over (severity: normal)
The package has not entered testing even though the 5-day delay is over. Check why.
Created: 2020-11-28 Last update: 2022-05-19 10:07
version in VCS is newer than in repository, is it time to upload? (severity: normal)
vcswatch reports that this package seems to have a new changelog entry (version 5.6-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:
commit 3ab4fd88c43af8ea3d2bdd1278605193eb203f5f
Merge: 1c53955 26df74e
Author: Tanguy Ortolo <tanguy.ortolo@adobe.com>
Date:   Tue Jan 22 16:14:17 2019 +0100

    Merge remote-tracking branch 'ortolo/master'
    
    * ortolo/master: (236 commits)
      Update Standards-Version to 4.1.3
      Remove obsolete Lintian overrides
      Remove useless exec rights on a PHP class file
      Update version in generated configuration file
      Use a secure URL for the copyright format
      Add default-mta to the recommends
      Add Rules-Requires-Root to control
      Switch package priority from extra to optional
      Switch to debhelper 9
      Remove trailing whitespace
      Add a patch to mitigate CVE-2017-1001001
      Remove captcha patch applied upstream
      Add new config parameter bypage_tags
      Update Spanish template translation
      Update changelog with new version
      modif param fct
      gestion langue
      réglage css
      réglages theme
      affichage mode
      ...

commit 1c53955d8b13dcecbdd4b7b47201543fc4488a11
Author: Tanguy Ortolo <tanguy.ortolo@adobe.com>
Date:   Tue Jan 22 16:12:10 2019 +0100

    Remove unexpected temporary files on exit

commit c997ac5fb11007b78170db00344a0bf073dc4d50
Author: Tanguy Ortolo <tanguy.ortolo@adobe.com>
Date:   Tue Jan 22 16:11:09 2019 +0100

    Correct unescaped $ in a generated conffile
Created: 2019-01-23 Last update: 2022-05-19 07:03
Standards version of the package is outdated. (severity: wishlist)
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.1.3).
Created: 2018-04-16 Last update: 2022-05-11 23:24
testing migrations
  • excuses:
    • Migration status for pluxml (- to 5.6-1): BLOCKED: Rejected/violates migration policy/introduces a regression
    • Issues preventing migration:
      • Updating pluxml would introduce bugs in testing: #1008264
      • Not built on buildd: arch all binaries uploaded by tanguy+debian@ortolo.eu, a new source-only upload is needed to allow migration
    • Additional info:
      • Piuparts tested OK - https://piuparts.debian.org/sid/source/p/pluxml.html
      • 1519 days old (needed 5 days)
    • Not considered
news
  • [2020-11-29] pluxml REMOVED from testing (Debian testing watch)
  • [2018-03-27] pluxml 5.6-1 MIGRATED to testing (Debian testing watch)
  • [2018-03-21] Accepted pluxml 5.6-1 (source all) into unstable (Tanguy Ortolo)
  • [2017-12-15] pluxml REMOVED from testing (Debian testing watch)
  • [2016-08-18] pluxml 5.5-2 MIGRATED to testing (Debian testing watch)
  • [2016-08-12] Accepted pluxml 5.5-2 (source all) into unstable (Tanguy Ortolo)
  • [2016-05-14] pluxml 5.5-1 MIGRATED to testing (Debian testing watch)
  • [2016-05-08] Accepted pluxml 5.5-1 (source all) into unstable (Tanguy Ortolo)
  • [2015-07-29] pluxml 5.4-1 MIGRATED to testing (Britney)
  • [2015-07-23] Accepted pluxml 5.4-1 (source all) into unstable (Tanguy Ortolo)
  • [2014-09-11] pluxml 5.3.1-2 MIGRATED to testing (Britney)
  • [2014-08-31] Accepted pluxml 5.3.1-2 (source all) into unstable (Tanguy Ortolo)
  • [2014-04-24] pluxml 5.3.1-1 MIGRATED to testing (Debian testing watch)
  • [2014-04-18] Accepted pluxml 5.3.1-1 (source all) (Tanguy Ortolo)
  • [2014-01-20] pluxml 5.3-1 MIGRATED to testing (Debian testing watch)
  • [2014-01-14] Accepted pluxml 5.3-1 (source all) (Tanguy Ortolo)
  • [2013-12-02] pluxml 5.2-4 MIGRATED to testing (Debian testing watch)
  • [2013-11-25] Accepted pluxml 5.2-4 (source all) (Tanguy Ortolo)
  • [2013-11-07] pluxml 5.2-3 MIGRATED to testing (Debian testing watch)
  • [2013-10-27] Accepted pluxml 5.2-3 (source all) (Tanguy Ortolo)
  • [2013-09-13] pluxml 5.2-2 MIGRATED to testing (Debian testing watch)
  • [2013-09-02] Accepted pluxml 5.2-1 (source amd64) (Tanguy Ortolo)
  • [2013-09-02] Accepted pluxml 5.2-2 (source all) (Tanguy Ortolo)
bugs [bug history graph]
  • all: 2
  • RC: 1
  • I&N: 1
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (4, 2)
  • buildd: logs, clang
  • popcon
  • browse source code
  • other distros
  • security tracker
  • screenshots
  • l10n (99, -)
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 5.6-1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers