moin (1.9.9-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - debian/patches/CVE-2020-15275.patch: fix stored XSS vulnerability
      via SVG attachment in MoinMoin/config/__init__.py,
      MoinMoin/config/multiconfig.py.
    - CVE-2020-15275
  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2020-25074.patch: fix remote code execution
      via cache action in MoinMoin/action/cache.py.
    - CVE-2020-25074

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 10 Nov 2020 09:28:46 -0300

moin (1.9.9-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: XSS in GUI editor
    - debian/patches/CVE-2017-5934.patch: fix in MoinMoin/action/fckdialog.py.
    - CVE-2017-5934

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 15 Oct 2018 14:38:19 -0300

moin (1.9.9-1ubuntu1) zesty; urgency=medium

  * Merge from debian, remaining changes:
    + debian/control:
      - remove python-xml from Suggests field, the package isn't in
        sys.path any more.
      - demote fckeditor from Recommends to Suggests; the code was previously
        embedded in moin, but it was also disabled, so there's no reason for us
        to pull this in by default currently. Note: fckeditor has a number of
        security problems and so this change probably needs to be carried
        indefinitely.
      - Drop python-mysqldb in favor of python-pymysql.
    + debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.
  * Drop the following patches, no longer needed:
    - debian/patches/CVE-2016-7146.patch
    - debian/patches/CVE-2016-7148.patch
    - debian/patches/CVE-2016-9119.patch

 -- Jon Grimm <email address hidden>  Tue, 07 Feb 2017 15:13:22 -0600