[SECURITY] [DLA 717-1] moin security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 717-1] moin security update
From: Markus Koschany <apo@debian.org>
Date: Tue, 22 Nov 2016 15:58:23 +0100
Message-id: <[🔎] 6f9b7be7-ce08-4e18-b9c0-ca929ad38e0a@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : moin
Version        : 1.9.4-8+deb7u3
CVE ID         : CVE-2016-7146 CVE-2016-9119
Debian Bug     : 844338 844340

Several cross-site scripting vulnerabilities were discovered in moin, a
Python clone of WikiWiki. A remote attacker can conduct cross-site
scripting attacks via the GUI editor's attachment dialogue
(CVE-2016-7146) and the GUI editor's link dialogue (CVE-2016-9119).

For Debian 7 "Wheezy", these problems have been fixed in version
1.9.4-8+deb7u3.

We recommend that you upgrade your moin packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlg0XQ9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSoyA/8C/EP5Ag81Q6XtARRABcf9PKNNdcj8f79eHsMU81PcUjiV7CsU/tfifsw
D4Cjbq4RwXKrSe6eOonGMuRkTQ5euwWYcMFwkmJxLt2lf4XdG6590Mvy84rCfwMv
BvgOcJ1Epm+2ADANqXrNCLH3c2/rJXMLnEAASUsPJe/jpgaHWV/FNHT5gmhNpUNP
DuOgN712D85GD6k8XkaMqKLSVoLeT74/FqE5s2ByflfzdIyxLp4bp0PBayt09oDo
s7+HMg65vjF8CgkzBFDEiafmLN/XkwcyEPwZD9GZKhwmu4O+5gz8qoA+1MGIlmsm
n+FrNO/HJ5PTSfmK7dnCDvlrbUZX+2TBND+bfbeZL1NCrTZoDqgYZO75vW+cZt8l
Vc4ot+b0ylkaEJlT6dG0sGcFrekHaUN4AjruwS7Jv59NYLR2E0cexHpQkWwHvT82
+Vn5e8ti1SybTHV58kyvDb3Eo4zVSwjIjjRXrfj9kzAR0m+ArP0OTi3B3bubNPFS
cXI1jz/liuM3yM9PYcsGTzvKSgY7DYpd5FFaK6GKdKgcG3IVax7tRj0st49QgnXS
lN5QzAE353pd/RCAmR2f93U4ntRi+tX9jbWSyYYR/HOfF+FKVij5/7YLA+cyL0fm
FiVWiLSUXJ31lyEVEv+WFlTzYXr51KKRvBNo/D1woiHg/CmJwh8=
=p8Ys
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 716-1] tiff security update
Next by Date: [SECURITY] [DLA 718-1] vim security update
Previous by thread: [SECURITY] [DLA 716-1] tiff security update
Next by thread: [SECURITY] [DLA 718-1] vim security update
Index(es):
- Date
- Thread