UbuntuUpdates.org

Package "python-moinmoin"

Name: python-moinmoin

Description:

Python clone of WikiWiki - library

Latest version: 1.9.8-1ubuntu1.16.04.3
Release: xenial (16.04)
Level: updates
Repository: main
Head package: moin
Homepage: http://moinmo.in/

Links


Download "python-moinmoin"


Other versions of "python-moinmoin" in Xenial

Repository Area Version
base main 1.9.8-1ubuntu1
security main 1.9.8-1ubuntu1.16.04.3

Changelog

Version: 1.9.8-1ubuntu1.16.04.3 2020-11-11 17:06:36 UTC

  moin (1.9.8-1ubuntu1.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - debian/patches/CVE-2020-15275.patch: fix stored XSS vulnerability
      via SVG attachment in MoinMoin/config/__init__.py,
      MoinMoin/config/multiconfig.py.
    - CVE-2020-15275
  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2020-25074.patch: fix remote code execution
      via cache action in MoinMoin/action/cache.py.
    - CVE-2020-25074

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 10 Nov 2020 09:46:18 -0300

Source diff to previous version
CVE-2020-15275 malicious SVG attachment causing stored XSS vulnerability
CVE-2020-25074 The cache action in action/cache.py in MoinMoin through 1.9.10 allows ...

Version: 1.9.8-1ubuntu1.16.04.2 2018-10-16 16:06:28 UTC

  moin (1.9.8-1ubuntu1.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS in GUI editor
    - debian/patches/CVE-2017-5934.patch: fix in MoinMoin/action/fckdialog.py.
    - CVE-2017-5934

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 15 Oct 2018 14:31:35 -0300

Source diff to previous version
CVE-2017-5934 Cross-site scripting (XSS) vulnerability in the link dialogue in GUI ...

Version: 1.9.8-1ubuntu1.16.04.1 2016-11-23 20:06:48 UTC

  moin (1.9.8-1ubuntu1.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS in attachment dialogue
    - debian/patches/CVE-2016-7146.patch: properly escape page_name in
      MoinMoin/action/fckdialog.py.
    - CVE-2016-7146
  * SECURITY UPDATE: XSS in AttachFile view
    - debian/patches/CVE-2016-7148.patch: properly escape pagename in
      MoinMoin/action/AttachFile.py.
    - CVE-2016-7148
  * SECURITY UPDATE: XSS in link dialogue
    - debian/patches/CVE-2016-9119.patch: properly escape strings in
      MoinMoin/action/fckdialog.py.
    - CVE-2016-9119

 -- Marc Deslauriers <email address hidden> Tue, 22 Nov 2016 07:45:20 -0500

CVE-2016-7146 MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "
CVE-2016-7148 MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scri
CVE-2016-9119 XSS in GUI editor's link dialogue



About   -   Send Feedback to @ubuntu_updates