[SECURITY] [DLA 2446-1] moin security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2446-1] moin security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 10 Nov 2020 21:43:54 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2011102142570.8411@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2446-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
November 10, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : moin
Version        : 1.9.9-1+deb9u2
CVE ID         : CVE-2020-15275 CVE-2020-25074


Two vulnerabilities were discovered in moin, a Python clone of WikiWiki.

CVE-2020-15275

    Catarina Leite discovered that moin is prone to a stored XSS
    vulnerability via SVG attachments.

CVE-2020-25074

    Michael Chapman discovered that moin is prone to a remote code
    execution vulnerability via the cache action.


For Debian 9 stretch, these problems have been fixed in version
1.9.9-1+deb9u2.

We recommend that you upgrade your moin packages.

For the detailed security status of moin please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/moin

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl+rCZtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdlKw//TkGJdmhY9tgMSyODHNBwadLhI8CXXR4Un/kibh3IsGAq5rzodwHnZ7w/
YWxlTNpSCG4GuWxqJMZelu0NuHIojdMKx+w8rR+9P1GcOAz0n8Dm4d1OCLsbFHNn
GSXnGcUJjE86Fma5KRyI5sP0/8xXTt4kr/jpU79ibkoT3vcBhy75F/I6R93jkwTq
y1q12AWith51PfbdZj5SmTVBzEyLYdMmeH40sCgUL4PWJAAXWThvUG5VxRtDVGSl
AZiXU/8YeFeMnCXSO/AIp7uLjj2d5H/wpcCOI4iuELyUrxHZs34Rg7dDxaImVMr8
oZ7aVvlOLrBbi5w1z9ZicCtLNIEhNo7ugXl7v8jyrx3nahgmIxohQyJ9K39ltkpx
cp2hDDtlwwgVnrlUoQuxpI4idMtcrYM/3tCnLRhaqfDvqfWaEdDoa+MJ2LiZokIt
PCLBo2DvyZMbF2uYeXooOzYw7zQGJKIquKyQ0Eu5yeFWfUofmgEMN9MLSRj7Zbt1
TT3rgVGGP19aeVHKQqJQnIlIyNXpMRNz7zTxorp3zx8oPbiNdvAIgh0OydYp4z3J
WO8ZkW4gGFrvy5eDnNcJtkvKJ+jC5trdZ8n221IJa5U9j/VoNmOLMQI4lu622/g2
la7sQJLvPKjP8QLIzvzwwNzL3no1PvT0fbIWBBHep9Ya3lnYOq0=
=XoFI
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2445-1] libmaxminddb security update
Next by Date: [SECURITY] [DLA 2447-1] pacemaker security update
Previous by thread: [SECURITY] [DLA 2445-1] libmaxminddb security update
Next by thread: [SECURITY] [DLA 2447-1] pacemaker security update
Index(es):
- Date
- Thread