thr3ads.net - Secure testing team - [Secure-testing-team] Bug#569975: python-moinmoin: Serious security issue in all moinmoin versions [Feb 2010]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

John Goerzen

2010-Feb-15 15:29 UTC

[Secure-testing-team] Bug#569975: python-moinmoin: Serious security issue in all moinmoin versions

Package: python-moinmoin
Version: 1.5.3-1.2etch2
Severity: grave
Tags: security
Justification: user security hole

Per http://moinmo.in/SecurityFixes, there is a major security issue in
moin.  It affects all moin versions from "1.5.0 up to and including
1.9.1".

This means that all of these versions are vulnerable:

etch (oldstable): 1.5.3-1.2etch2

lenny (stable): 1.7.1-3+lenny2

squeeze (testing) & sid (unstable): 1.9.1-1


The Moin team has released 1.8.7, which patches the issue in 1.8.6.
They have not yet issued a patch for any other branch, including the
1.9.1 branch, although it appears that they are working on it.  That
patch may be instructive on patching these other versions.

Secure testing team - Feb 2010 - Bug#569975: python-moinmoin: Serious security issue in all moinmoin versions

[Secure-testing-team] Bug#569975: python-moinmoin: Serious security issue in all moinmoin versions