Ubuntu Security Notice 1680-1 - It was discovered that MoinMoin did not properly sanitize its input when processing AnyWikiDraw and TWikiDraw actions. A remote attacker with write access could exploit this to overwrite arbitrary files and execute arbitrary code with the privileges of the web server (user 'www-data'). It was discovered that MoinMoin also did not properly sanitize its input when processing the AttachFile action. A remote attacker could exploit this to overwrite files via directory traversal. Various other issues were also addressed.
56353e2537c223147685fa74826d1d32e50546f485b155b80dc6d1e20b5932c9