Paket: python-moinmoin (1.9.7-1ubuntu2)
nish.aravamudan at canonical.com
Sun Jun 19 07:04:03 UTC 2016
On Sat, Jun 18, 2016 at 10:29 PM, Oliver Schäfer
<oliver.schaefer at desy.de> wrote:
> Dear Ubuntu developers,
> I was wondering why the package python-moinmoin is still at moinmoin version
> 1.9.7. Since over a year the new version 1.9.8 is out in which important
> security issues were fixed (according to moinmoin's website some major
> installations of the Wiki software experienced severe damage due to these).
> Therefore we currently have 1.9.8 installed from a tar-ball but our
> IT-department is not too happy with this, as the needed manual care
> introduces other security risks. Is there a reason why this package is not
> getting updated?
It would be best to give the context in which are you looking.
Xenial and Yakkety have 1.9.8-1ubuntu1, so seem to be fine.
Precise and Trusty do not have said update, so I guess you mean those?
Precise has received security updates since release, for CVEs, but is
on quite an older base.
Do you have a reference to the MoinMoin-documented issues? The page I
found in cursory searching: https://moinmo.in/SecurityFixes just says
1.9.8 "Fixes issues found in 1.9.7." I'm guessing that there is no
corresponding CVE-like issue filed, so the -security team may not be
aware of a need to fix any issues (not 100% on that). Have you filed a
bug with Ubuntu for the issues that required you to use 1.9.8?
More information about the Ubuntu-devel-discuss