Changelog
moin (1.9.5-4ubuntu1) raring-proposed; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/rules: remove python-xml from CDBS_SUGGESTS field, the package
      isn't in sys.path any more.
    - debian/rules: demote fckeditor from CDBS_RECOMMENDS to CDBS_SUGGESTS; the
      code was previously embedded in moin, but it was also disabled, so
      there's no reason for us to pull this in by default currently. Note:
      fckeditor has a number of security problems and so this change probably
      needs to be carried indefinitely.
  * Dropped the following patches, no longer needed:
    - debian/patches/CVE-2012-XXXX.patch
    - debian/patches/CVE-2012-YYYY.patch

moin (1.9.5-4) unstable; urgency=high

  * Another security fix from upstream:
    + fix path traversal vulnerability in AttachFile action
      (CVE-2012-XXXX).

moin (1.9.5-3) unstable; urgency=high

  * Security fix from upstream:
    + fix remote code execution vulnerability in twikidraw/anywikidraw
      actions (CVE-2012-XXXX).

moin (1.9.5-2) unstable; urgency=high

  * Several security fixes from upstream:
    + fix XSS issue, escape page name in rss link (CVE id not available
      yet)
    + make taintfilename more secure
    + escape user- or admin-defined css url
    + use a constant time str comparison function to prevent timing
      attacks

 -- Jamie Strandboge <email address hidden>  Thu, 03 Jan 2013 10:58:34 -0600