UbuntuUpdates.org

Package "python-moinmoin"

Name: python-moinmoin

Description:

Python clone of WikiWiki - library

Latest version: 1.9.3-1ubuntu2.3
Release: precise (12.04)
Level: security
Repository: main
Head package: moin
Homepage: http://moinmo.in/


Other versions of "python-moinmoin" in Precise

Repository  Area  Version
base        main  1.9.3-1ubuntu2
updates     main  1.9.3-1ubuntu2.3

Changelog

Version: 1.9.3-1ubuntu2.3 2016-11-23 19:06:48 UTC

  moin (1.9.3-1ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: XSS in attachment dialogue
    - debian/patches/CVE-2016-7146.patch: properly escape page_name in
      MoinMoin/action/fckdialog.py.
    - CVE-2016-7146
  * SECURITY UPDATE: XSS in link dialogue
    - debian/patches/CVE-2016-9119.patch: properly escape strings in
      MoinMoin/action/fckdialog.py.
    - CVE-2016-9119

 -- Marc Deslauriers <email address hidden> Tue, 22 Nov 2016 07:54:06 -0500

CVE-2016-7146 MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "
CVE-2016-9119 XSS in GUI editor's link dialogue

Version: 1.9.3-1ubuntu2.2 2012-12-30 04:06:52 UTC

  moin (1.9.3-1ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
    - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
      action/twikidraw.py to use wikiutil.taintfilename()
    - CVE-2012-XXXX
  * SECURITY UPDATE: path traversal via AttachFile
    - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
      wikiutil.taintfilename()
    - CVE-2012-YYYY
 -- Jamie Strandboge <email address hidden> Sat, 29 Dec 2012 18:20:21 -0600


Version: 1.9.3-1ubuntu2.1 2012-10-11 13:06:55 UTC

  moin (1.9.3-1ubuntu2.1) precise-security; urgency=low

  * SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
    - debian/patches/CVE-2011-1058.patch: remove javascript support in
      MoinMoin/parser/text_rst.py.
    - CVE-2011-1058
  * SECURITY UPDATE: incorrect permissions due to broken virtual group
    names handling
    - debian/patches/CVE-2012-4404.patch: fix group test in
      MoinMoin/security/__init__.py, added test in
      MoinMoin/security/_tests/test_security.py.
    - CVE-2012-4404
 -- Marc Deslauriers <email address hidden> Wed, 10 Oct 2012 10:18:19 -0400

CVE-2011-1058 Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is instal
CVE-2012-4404 security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "


