[Secure-testing-team] Bug#569975: python-moinmoin: Serious security issue in all moinmoin versions
John Goerzen
jgoerzen at complete.org
Mon Feb 15 15:29:04 UTC 2010
Package: python-moinmoin
Version: 1.5.3-1.2etch2
Severity: grave
Tags: security
Justification: user security hole
Per http://moinmo.in/SecurityFixes, there is a major security issue in
moin. It affects all moin versions from "1.5.0 up to and including
1.9.1".
This means that all of these versions are vulnerable:
etch (oldstable): 1.5.3-1.2etch2
lenny (stable): 1.7.1-3+lenny2
squeeze (testing) & sid (unstable): 1.9.1-1
The Moin team has released 1.8.7, which patches the issue in 1.8.6.
They have not yet issued a patch for any other branch, including the
1.9.1 branch, although it appears that they are working on it. That
patch may be instructive on patching these other versions.
More information about the Secure-testing-team
mailing list