* SECURITY UPDATE: cross-site scripting issue in reStructuredText parser - debian/patches/CVE-2011-1058.patch: remove javascript support in MoinMoin/parser/text_rst.py. - CVE-2011-1058 * SECURITY UPDATE: incorrect permissions due to broken virtual group names handling - debian/patches/CVE-2012-4404.patch: fix group test in MoinMoin/security/__init__.py, added test in MoinMoin/security/_tests/test_security.py. - CVE-2012-4404