package python-moinmoin notfound 695526 1.9.3-1+squeeze2 found 695526 1.9.5-1 fixed 695526 1.9.5-2 thanks
On Sun, Dec 09, 2012 at 07:47:18PM +0100, Tilmann H. wrote: >Package: python-moinmoin >Version: 1.9.3-1+squeeze2 >Severity: normal >Tags: patch upstream > >http://moinmo.in/SecurityFixes lists a fix for an XSS issue (escape page name >in rss link). A patch is available at >http://hg.moinmo.in/moin/1.9/rev/c98ec456e493. Thanks for the report! I've checked the code over and it's a 1.9.5 issue only as far as I can see - the equivalent code in 1.9.3 and 1.9.4 already escapes things (but in a different way). I've just uploaded 1.9.5-2 to unstable with this patch applied, though. There are other recent minor fixes for moin that *do* apply to 1.9.3 and 1.9.4, but I and the security team don't think they're important enough to directly justify security uploads. -- Steve McIntyre, Cambridge, UK. [email protected] < liw> everything I know about UK hotels I learned from "Fawlty Towers" -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

