From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <overseers-return-12223-listarch-overseers=sources.redhat.com@sourceware.org>
Received: (qmail 16453 invoked by alias); 1 Feb 2013 15:21:02 -0000
Received: (qmail 16440 invoked by uid 22791); 1 Feb 2013 15:21:01 -0000
X-SWARE-Spam-Status: No, hits=-4.7 required=5.0
	tests=AWL,BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,KHOP_RCVD_TRUST,KHOP_THREADED,RCVD_IN_DNSWL_LOW,RCVD_IN_HOSTKARMA_YE
X-Spam-Check-By: sourceware.org
Received: from mail-oa0-f51.google.com (HELO mail-oa0-f51.google.com) (209.85.219.51)
    by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Fri, 01 Feb 2013 15:20:52 +0000
Received: by mail-oa0-f51.google.com with SMTP id h2so2206842oag.10
        for <overseers@sourceware.org>; Fri, 01 Feb 2013 07:20:51 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:x-received:in-reply-to:references:date:message-id
         :subject:from:to:cc:content-type:x-gm-message-state;
        bh=unFx9gPDMeek40CybQhzTwnkPbHk56bE7CMg1IkQALo=;
        b=FF8O+3s8WKmkifAJpHVcBX+Fn9rQbJyNJN7bRmev++vASIrcOeeFqEbOIRs9riZe5k
         4mpURvm4bpuRlhbXN3isErba+WhblGQMR3vy4OO9a2HQoYy1vz0VZU1G8QGk0sHr0XTO
         X+7fdI8m4+4eEjSpY2UcUQFUhc6teZm7iyU2fUc9iHblTeSwFyJpoadiykyMm8+BMQQD
         uu92ksDaYJmCXjIMjuJbUadyCksLeLczfGxFXOLS5UfaQq2M6lQYy4xYtd5jBX/QmEAg
         ufAW+o/sbZDNrA1GxpNPi8W7U9AdlzVM4UH9sXUdQD87Yydi0bP0Y35jj3Z6Bw/s2k4n
         GaJA==
MIME-Version: 1.0
X-Received: by 10.60.3.193 with SMTP id e1mr10423486oee.39.1359732051784; Fri,
 01 Feb 2013 07:20:51 -0800 (PST)
Received: by 10.76.27.200 with HTTP; Fri, 1 Feb 2013 07:20:51 -0800 (PST)
In-Reply-To: <510BD226.9020403@jifvik.org>
References: <20130114154700.GI7894@spoyarek.pnq.redhat.com>
	<510BD226.9020403@jifvik.org>
Date: Fri, 01 Feb 2013 15:21:00 -0000
Message-ID: <CAF4BwTXd9AG60zs78cihPjBBiawg7qY2orYE6X1HLD8jwetoyQ@mail.gmail.com>
Subject: Re: MoinMoin vulnerability fix on sourceware
From: Daniel Berlin <dberlin@dberlin.org>
To: Jonathan Larmour <jifl@jifvik.org>
Cc: overseers <overseers@sourceware.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQmngaL/FbDVaDbTg6MlWo4ZhiXyZqpzAH4AieZyb0gdsN5QnahwwL4X1bgP+eXQrYexls5W
Mailing-List: contact overseers-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <overseers.sourceware.org>
List-Archive: <http://sourceware.org/ml/overseers/>
List-Post: <mailto:overseers@sourceware.org>
List-Help: <mailto:overseers-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: overseers-owner@sourceware.org
X-SW-Source: 2013-q1/txt/msg00033.txt.bz2

I put the original moinmoin instance on sourceware. It has not been updated.
I don't know if i even have the access on sourceware to do so anymore.

Moin moin was fairly easy to upgrade, however.

http://moinmo.in/MoinMoinDownload has how to guides for each version.



On Fri, Feb 1, 2013 at 9:33 AM, Jonathan Larmour <jifl@jifvik.org> wrote:
> Can I just highlight the below message again for whoever knows about the
> MoinMoin installation on sourceware? A security vulnerability sounds worth
> investigation.
>
> Jifl
>
> On 14/01/13 15:47, Siddhesh Poyarekar wrote:
>> Hi,
>>
>> A few days ago wiki.python.org was compromised using a vulnerability
>> in moinmoin[1][2].  A fix was released as v1.9.6 of MoinMoin.  Is our
>> instance is updated?
>>
>> Thanks,
>> Siddhesh
>>
>> [1] http://mail.python.org/pipermail/python-dev/2013-January/123499.html
>> [2] http://moinmo.in/SecurityFixes
>>
>