-
moin (1.9.9-1+deb9u1) stretch-security; urgency=high
* Non-maintainer upload by the Security Team.
* XSS in GUI editor related code (CVE-2017-5934) (Closes: #910776)
-- Salvatore Bonaccorso <email address hidden> Thu, 11 Oct 2018 20:54:28 +0200
-
moin (1.9.9-1ubuntu1.18.10.1) cosmic-security; urgency=medium
* SECURITY UPDATE: XSS in GUI editor
- debian/patches/CVE-2017-5934.patch: fix in MoinMoin/action/fckdialog.py.
- CVE-2017-5934
-- <email address hidden> (Leonidas S. Barbosa) Mon, 22 Oct 2018 10:54:19 -0300
-
moin (1.9.9-1ubuntu1) zesty; urgency=medium
* Merge from debian, remaining changes:
+ debian/control:
- remove python-xml from Suggests field, the package isn't in
sys.path any more.
- demote fckeditor from Recommends to Suggests; the code was previously
embedded in moin, but it was also disabled, so there's no reason for us
to pull this in by default currently. Note: fckeditor has a number of
security problems and so this change probably needs to be carried
indefinitely.
- Drop python-mysqldb in favor of python-pymysql.
+ debian/patches/pymysql-replacement.patch: Use pymysql as drop in
replacement for MySQLdb.
* Drop the following patches, no longer needed:
- debian/patches/CVE-2016-7146.patch
- debian/patches/CVE-2016-7148.patch
- debian/patches/CVE-2016-9119.patch
-- Jon Grimm <email address hidden> Tue, 07 Feb 2017 15:13:22 -0600
