Accepted moin 1.9.4-8+deb7u1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 29 Dec 2012 19:20:37 +0100
Source: moin
Binary: python-moinmoin
Architecture: source all
Version: 1.9.4-8+deb7u1
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Steve McIntyre <93sam@debian.org>
Description:
python-moinmoin - Python clone of WikiWiki - library
Changes:
moin (1.9.4-8+deb7u1) testing-proposed-updates; urgency=high
.
* Stack of security fixes from upstream:
+ make taintfilename more secure
+ escape user- or admin-defined css url
+ use a constant time str comparison function to prevent timing
attacks
+ fix remote code execution vulnerability in twikidraw/anywikidraw
actions (CVE-2012-XXXX).
+ fix path traversal vulnerability in AttachFile action
(CVE-2012-XXXX).
Checksums-Sha1:
e794711c6f4ad12159952e3b68740cb31cd4bba9 1977 moin_1.9.4-8+deb7u1.dsc
54ec1b15b44576c1dfee026565e83960b751888e 132356 moin_1.9.4-8+deb7u1.debian.tar.gz
2617872ee77c790e38ab07e08fdeda43e0f470b4 21418048 python-moinmoin_1.9.4-8+deb7u1_all.deb
Checksums-Sha256:
ca701270b37f034ca3fe493981c840599368080fbb6c4dd2d0da4cd256bf9bdc 1977 moin_1.9.4-8+deb7u1.dsc
ca52cc6e0b8809c7d07e1f9d57c55f15f08df93dc96209be9472526a815ffc94 132356 moin_1.9.4-8+deb7u1.debian.tar.gz
51e92f30dfc7e87c35417e3f6e4049875e0187b6d2d97ce92b21973a972b66cf 21418048 python-moinmoin_1.9.4-8+deb7u1_all.deb
Files:
8fd64dbe3d910dc9a90b6635701ff7a0 1977 net optional moin_1.9.4-8+deb7u1.dsc
52916050d1f6b21890f8762cb54edabe 132356 net optional moin_1.9.4-8+deb7u1.debian.tar.gz
9ca354dceacb617c7b9fc8fab96a12bd 21418048 python optional python-moinmoin_1.9.4-8+deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQ4LIAAAoJEFh5eVc0QmhOuBEQALpTiFcQQLH4KlzWu1nmVj+N
oQBwajyh5TOxRHH+JcBulUfvuxLCXKeQ/mdRYvG0lU0yt/xws4JHTJX5yrozoaeP
csTG3sMjl/x4W5r3NPSLAXDUjhSOefL4HY0dmXbR7rdtTY/9+XTABg1zUXnFYWAK
3FNALiVUCdzLjnPDqgSDDGRkuhRyVCm51mX0LOm4vpYeGobW1DdPLu/MerBMWiMT
Q7c1gh4WxudKa/55n3IzaE/p0jFo84qWrNk+X4ZAqBFs0Uyy5+qcB83CJX4UqQDD
yvocHzKALwuvJUoIfJ+uPzf0XSlS9Attro04Z+efB0ZKkKtbyulXog7b/nzW346X
D29YuAZXkoIbkOagsKt0rdmUAKj/rbZHDG5KPQtqfkE1b2ayhzCrHoykTlForD9E
Y7jCeoz7HtdnlWrQZiZN0X+Rj4qPLpcC32H5+hRoqRuj9/0BX87brjuUZYtNzY9p
GjSdmFzIb4pZo2FI6BVPDBMqVtpOMfDP6EKwy/OriBwMxbrv8KJZ9zzyW7T6LXPf
+9w+Pndzps5mH+gEubQPSDDdTvvZZ3ObQ18rBH8t1gWEXf/mciJRIEJkTyW4sPrb
EwDqvRsH6keFeLOj6d3D+eTtsHKK3OQvIwb37vD43zjmJpoH52wFrivkoHC7ALY9
7UhRMq+RIVrIr26vc+ic
=a4E2
-----END PGP SIGNATURE-----