package python-moinmoin
notfound 695526 1.9.3-1+squeeze2
found 695526 1.9.5-1
fixed 695526 1.9.5-2
thanks

On Sun, Dec 09, 2012 at 07:47:18PM +0100, Tilmann H. wrote:
>Package: python-moinmoin
>Version: 1.9.3-1+squeeze2
>Severity: normal
>Tags: patch upstream
>
>http://moinmo.in/SecurityFixes lists a fix for an XSS issue (escape page name
>in rss link). A patch is available at 
>http://hg.moinmo.in/moin/1.9/rev/c98ec456e493.

Thanks for the report! I've checked the code over and it's a 1.9.5
issue only as far as I can see - the equivalent code in 1.9.3 and
1.9.4 already escapes things (but in a different way). I've just
uploaded 1.9.5-2 to unstable with this patch applied, though.

There are other recent minor fixes for moin that *do* apply to 1.9.3
and 1.9.4, but I and the security team don't think they're important
enough to directly justify security uploads.

-- 
Steve McIntyre, Cambridge, UK.                                [email protected]
< liw> everything I know about UK hotels I learned from "Fawlty Towers"


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to