Package: python-moinmoin Version: 1.9.8-1 Severity: important Control: affects -1 + wiki.debian.org
The Debian wiki recently had a bunch of attachments accidentally deleted because someone used a downloader program and it spidered all the links, including the delete links. Luckily we have good backups and I was able to restore the files. For wikis where anonymous users can edit, this would mean that search engines could automatically delete all attachments. MoinMoin should use delete buttons instead of links and require POST requests for attachment deleting to prevent this. -- System Information: Debian Release: stretch/sid APT prefers testing-debug APT policy: (900, 'testing-debug'), (900, 'testing'), (860, 'testing-proposed-updates'), (850, 'buildd-testing-proposed-updates'), (800, 'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700, 'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages python-moinmoin depends on: ii python 2.7.11-1 ii python-parsedatetime 1.4-1 ii python-passlib 1.6.5-4 ii python-pygments 2.1+dfsg-1 ii python-recaptcha 1.0.6-1 ii python-werkzeug 0.10.4+dfsg1-1 Versions of packages python-moinmoin recommends: ii exim4-daemon-light [mail-transport-agent] 4.87~RC6-3 pn fckeditor <none> pn libapache2-mod-wsgi | httpd-cgi <none> ii python-xapian 1.2.22-2 pn python-xappy <none> Versions of packages python-moinmoin suggests: ii antiword 0.37-11 pn catdoc <none> pn cifs-utils <none> ii docbook-dsssl 1.79-9 ii poppler-utils [xpdf-utils] 0.38.0-2 pn python-4suite-xml <none> pn python-docutils <none> pn python-flup <none> pn python-gdchart <none> ii python-ldap 2.4.22-0.1 pn python-mysqldb <none> pn python-openid <none> pn python-pyxmpp <none> ii python-tz 2015.7+dfsg-0.1 pn python-xml <none> ii wamerican [wordlist] 7.1-1 ii wbritish [wordlist] 7.1-1 ii wspanish [wordlist] 1.0.27 -- no debconf information -- bye, pabs https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part