Re: Package: python-moinmoin (1.9.7-1ubuntu2)

2016-06-19 Thread Nish Aravamudan
Hi Oliver,

On Sat, Jun 18, 2016 at 10:29 PM, Oliver Schäfer wrote:
> Dear Ubuntu developers,
>
> I was wondering why the package python-moinmoin is still at moinmoin version
> 1.9.7. For over a year the new version 1.9.8 has been out, in which important
> security issues were fixed (according to moinmoin's website some major
> installations of the Wiki software experienced severe damage due to these).
> Therefore we currently have 1.9.8 installed from a tar-ball but our
> IT-department is not too happy with this, as the needed manual care
> introduces other security risks. Is there a reason why this package is not
> getting updated?

It would be best to give the context in which you are looking.

Xenial and Yakkety have 1.9.8-1ubuntu1, so seem to be fine.

Precise and Trusty do not have said update, so I guess you mean those?
Precise has received security updates since release, for CVEs, but is
on quite an older base.

Do you have a reference to the MoinMoin-documented issues? The page I
found in cursory searching: https://moinmo.in/SecurityFixes just says
1.9.8 "Fixes issues found in 1.9.7." I'm guessing that there is no
corresponding CVE-like issue filed, so the -security team may not be
aware of a need to fix any issues (not 100% on that). Have you filed a
bug with Ubuntu for the issues that required you to use 1.9.8?

Thanks,
Nish

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss


Package: python-moinmoin (1.9.7-1ubuntu2)

2016-06-19 Thread Oliver Schäfer

Dear Ubuntu developers,

I was wondering why the package python-moinmoin is still at moinmoin 
version 1.9.7. For over a year the new version 1.9.8 has been out, in which 
important security issues were fixed (according to moinmoin's website 
some major installations of the Wiki software experienced severe damage 
due to these).
Therefore we currently have 1.9.8 installed from a tar-ball but our 
IT-department is not too happy with this, as the needed manual care 
introduces other security risks. Is there a reason why this package is 
not getting updated?


Best regards,
Oliver Schaefer
