Package "python-moinmoin"
Name: |
python-moinmoin
|
Description: |
Python clone of WikiWiki - library
|
Latest version: |
1.9.3-1ubuntu2.3 |
Release: |
precise (12.04) |
Level: |
security |
Repository: |
main |
Head package: |
moin |
Homepage: |
http://moinmo.in/ |
Links
Download "python-moinmoin"
Other versions of "python-moinmoin" in Precise
Changelog
moin (1.9.3-1ubuntu2.3) precise-security; urgency=medium
* SECURITY UPDATE: XSS in attachment dialogue
- debian/patches/CVE-2016-7146.patch: properly escape page_name in
MoinMoin/action/fckdialog.py.
- CVE-2016-7146
* SECURITY UPDATE: XSS in link dialogue
- debian/patches/CVE-2016-9119.patch: properly escape strings in
MoinMoin/action/fckdialog.py.
- CVE-2016-9119
-- Marc Deslauriers <email address hidden> Tue, 22 Nov 2016 07:54:06 -0500
|
Source diff to previous version |
CVE-2016-7146 |
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a " |
CVE-2016-9119 |
XSS in GUI editor's link dialogue |
|
moin (1.9.3-1ubuntu2.2) precise-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
- debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
action/twikidraw.py to use wikiutil.taintfilename()
- CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
- debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
wikiutil.taintfilename()
- CVE-2012-YYYY
-- Jamie Strandboge <email address hidden> Sat, 29 Dec 2012 18:20:21 -0600
|
Source diff to previous version |
moin (1.9.3-1ubuntu2.1) precise-security; urgency=low
* SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
- debian/patches/CVE-2011-1058.patch: remove javascript support in
MoinMoin/parser/text_rst.py.
- CVE-2011-1058
* SECURITY UPDATE: incorrect permissions due to broken virtual group
names handling
- debian/patches/CVE-2012-4404.patch: fix group test in
MoinMoin/security/__init__.py, added test in
MoinMoin/security/_tests/test_security.py.
- CVE-2012-4404
-- Marc Deslauriers <email address hidden> Wed, 10 Oct 2012 10:18:19 -0400
|
CVE-2011-1058 |
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is instal |
CVE-2012-4404 |
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or " |
|
About
-
Send Feedback to @ubuntu_updates