Debian Security Advisory

DSA-4787-1 moin -- security update

Date Reported:
09 Nov 2020
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2020-15275, CVE-2020-25074.
More information:

Two vulnerabilities were discovered in moin, a Python clone of WikiWiki.

  • CVE-2020-15275

    Catarina Leite discovered that moin is prone to a stored XSS vulnerability via SVG attachments.

  • CVE-2020-25074

    Michael Chapman discovered that moin is prone to a remote code execution vulnerability via the cache action.

For the stable distribution (buster), these problems have been fixed in version 1.9.9-1+deb10u1.

We recommend that you upgrade your moin packages.

For the detailed security status of moin please refer to its security tracker page at: