Debian-LTS alert DLA-717-1 (moin)
| From: | Markus Koschany <apo@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 717-1] moin security update | |
| Date: | Tue, 22 Nov 2016 15:58:23 +0100 | |
| Message-ID: | <6f9b7be7-ce08-4e18-b9c0-ca929ad38e0a@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : moin Version : 1.9.4-8+deb7u3 CVE ID : CVE-2016-7146 CVE-2016-9119 Debian Bug : 844338 844340 Several cross-site scripting vulnerabilities were discovered in moin, a Python clone of WikiWiki. A remote attacker can conduct cross-site scripting attacks via the GUI editor's attachment dialogue (CVE-2016-7146) and the GUI editor's link dialogue (CVE-2016-9119). For Debian 7 "Wheezy", these problems have been fixed in version 1.9.4-8+deb7u3. We recommend that you upgrade your moin packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlg0XQ9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSoyA/8C/EP5Ag81Q6XtARRABcf9PKNNdcj8f79eHsMU81PcUjiV7CsU/tfifsw D4Cjbq4RwXKrSe6eOonGMuRkTQ5euwWYcMFwkmJxLt2lf4XdG6590Mvy84rCfwMv BvgOcJ1Epm+2ADANqXrNCLH3c2/rJXMLnEAASUsPJe/jpgaHWV/FNHT5gmhNpUNP DuOgN712D85GD6k8XkaMqKLSVoLeT74/FqE5s2ByflfzdIyxLp4bp0PBayt09oDo s7+HMg65vjF8CgkzBFDEiafmLN/XkwcyEPwZD9GZKhwmu4O+5gz8qoA+1MGIlmsm n+FrNO/HJ5PTSfmK7dnCDvlrbUZX+2TBND+bfbeZL1NCrTZoDqgYZO75vW+cZt8l Vc4ot+b0ylkaEJlT6dG0sGcFrekHaUN4AjruwS7Jv59NYLR2E0cexHpQkWwHvT82 +Vn5e8ti1SybTHV58kyvDb3Eo4zVSwjIjjRXrfj9kzAR0m+ArP0OTi3B3bubNPFS cXI1jz/liuM3yM9PYcsGTzvKSgY7DYpd5FFaK6GKdKgcG3IVax7tRj0st49QgnXS lN5QzAE353pd/RCAmR2f93U4ntRi+tX9jbWSyYYR/HOfF+FKVij5/7YLA+cyL0fm FiVWiLSUXJ31lyEVEv+WFlTzYXr51KKRvBNo/D1woiHg/CmJwh8= =p8Ys -----END PGP SIGNATURE-----