[SECURITY] [DLA 2446-1] moin security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2446-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
November 10, 2020 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : moin
Version : 1.9.9-1+deb9u2
CVE ID : CVE-2020-15275 CVE-2020-25074
Two vulnerabilities were discovered in moin, a Python clone of WikiWiki.
CVE-2020-15275
Catarina Leite discovered that moin is prone to a stored XSS
vulnerability via SVG attachments.
CVE-2020-25074
Michael Chapman discovered that moin is prone to a remote code
execution vulnerability via the cache action.
For Debian 9 stretch, these problems have been fixed in version
1.9.9-1+deb9u2.
We recommend that you upgrade your moin packages.
For the detailed security status of moin please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/moin
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl+rCZtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdlKw//TkGJdmhY9tgMSyODHNBwadLhI8CXXR4Un/kibh3IsGAq5rzodwHnZ7w/
YWxlTNpSCG4GuWxqJMZelu0NuHIojdMKx+w8rR+9P1GcOAz0n8Dm4d1OCLsbFHNn
GSXnGcUJjE86Fma5KRyI5sP0/8xXTt4kr/jpU79ibkoT3vcBhy75F/I6R93jkwTq
y1q12AWith51PfbdZj5SmTVBzEyLYdMmeH40sCgUL4PWJAAXWThvUG5VxRtDVGSl
AZiXU/8YeFeMnCXSO/AIp7uLjj2d5H/wpcCOI4iuELyUrxHZs34Rg7dDxaImVMr8
oZ7aVvlOLrBbi5w1z9ZicCtLNIEhNo7ugXl7v8jyrx3nahgmIxohQyJ9K39ltkpx
cp2hDDtlwwgVnrlUoQuxpI4idMtcrYM/3tCnLRhaqfDvqfWaEdDoa+MJ2LiZokIt
PCLBo2DvyZMbF2uYeXooOzYw7zQGJKIquKyQ0Eu5yeFWfUofmgEMN9MLSRj7Zbt1
TT3rgVGGP19aeVHKQqJQnIlIyNXpMRNz7zTxorp3zx8oPbiNdvAIgh0OydYp4z3J
WO8ZkW4gGFrvy5eDnNcJtkvKJ+jC5trdZ8n221IJa5U9j/VoNmOLMQI4lu622/g2
la7sQJLvPKjP8QLIzvzwwNzL3no1PvT0fbIWBBHep9Ya3lnYOq0=
=XoFI
-----END PGP SIGNATURE-----
Reply to: