Your message dated Fri, 12 Mar 2010 13:52:40 +0000
with message-id <e1nq5i8-0001r8...@ries.debian.org>
and subject line Bug#569975: fixed in moin 1.7.1-3+lenny3
has caused the Debian Bug report #569975,
regarding python-moinmoin: Serious security issue in all moinmoin versions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
569975: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: python-moinmoin
Version: 1.5.3-1.2etch2
Severity: grave
Tags: security
Justification: user security hole

Per http://moinmo.in/SecurityFixes, there is a major security issue in
moin.  It affects all moin versions from "1.5.0 up to and including
1.9.1".

This means that all of these versions are vulnerable:

etch (oldstable): 1.5.3-1.2etch2

lenny (stable): 1.7.1-3+lenny2

squeeze (testing) & sid (unstable): 1.9.1-1


The Moin team has released 1.8.7, which patches the issue in 1.8.6.
They have not yet issued a patch for any other branch, including the
1.9.1 branch, although it appears that they are working on it.  That
patch may be instructive on patching these other versions.



--- End Message ---
--- Begin Message ---
Source: moin
Source-Version: 1.7.1-3+lenny3

We believe that the bug you reported is fixed in the latest version of
moin, which is due to be installed in the Debian FTP archive:

moin_1.7.1-3+lenny3.diff.gz
  to main/m/moin/moin_1.7.1-3+lenny3.diff.gz
moin_1.7.1-3+lenny3.dsc
  to main/m/moin/moin_1.7.1-3+lenny3.dsc
python-moinmoin_1.7.1-3+lenny3_all.deb
  to main/m/moin/python-moinmoin_1.7.1-3+lenny3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 569...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated moin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 11 Mar 2010 23:09:05 +0100
Source: moin
Binary: python-moinmoin
Architecture: source all
Version: 1.7.1-3+lenny3
Distribution: stable-security
Urgency: high
Maintainer: Jonas Smedegaard <d...@jones.dk>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description: 
 python-moinmoin - Python clone of WikiWiki - library
Closes: 569975
Changes: 
 moin (1.7.1-3+lenny3) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2010-0668: Multiple security issues related to configurations that
     have a non-empty superuser list, the xmlrpc action enabled, the SyncPages
     action enabled, or OpenID configured. (Closes: #569975)
   * Fixed CVE-2010-0669: MoinMoin does not properly sanitize user profiles
   * Fixed CVE-2010-0717: The default configuration of
     cfg.packagepages_actions_excluded does not prevent unsafe package actions
   * hierarchical ACL security fix: error when processing hierarchical ACLs,
     which can be exploited to access restricted sub-pages.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuaAbMACgkQNxpp46476ap5TgCghZvI1nIomv9SBsl6yzBkRC2p
EmcAoIERWqAP94z57o3tg2ZpJ2bQ7Hv3
=xOG/
-----END PGP SIGNATURE-----



--- End Message ---
