Branches for Gutsy

Author: Matthias Klose
Revision Date: 2007-09-09 01:36:23 UTC

Suggest python-xml (needed for DocBook rendering). LP: #31728.

Author: Jamie Strandboge
Revision Date: 2009-01-27 16:15:53 UTC

* SECURITY UPDATE: cross-site scripting via rename parameter and
  basename variable
  - debian/patches/30001_CVE-2009-0260.patch: use wikiutil.escape() in
    MoinMoin/action/AttachFile.py
  - CVE-2009-0260
* SECURITY UPDATE: cross-site scripting via content variable
  - debian/pathes/30002_antispam_xss_fix.patch: use wikiutil.escape()
    in MoinMoin/util/antispam.py
  - CVE-2009-XXXX
* SECURITY UPDATE: cross-site scripting in login
  - debian/patches/30003_CVE-2008-0780.patch: update action/login.py to use
    wikiutil.escape() for name
  - CVE-2008-0780
  - LP: #200897
* SECURITY UPDATE: cross-site scripting in AttachFile
  - debian/patches/30004_CVE-2008-0781.patch: use wikiutil.escape() for
    msg, pagename and target filenames in MoinMoin/action/AttachFile.py
  - CVE-2008-0781
* SECURITY UPDATE: directory traversal vulnerability via MOIN_ID in userform
    cookie action
  - debian/patches/30005_CVE-2008-0782.patch: update MoinMoin/user.py to
    check USERID via the new id_sanitycheck() function
  - CVE-2008-0782
* SECURITY UPDATE: cross-site scripting in PageEditor
  - debian/patches/30006_CVE-2008-1098.patch: use wikiutil.escape() in
    MoinMoin/PageEditor.py
  - CVE-2008-1098
* SECURITY UPDATE: _macro_Getval does not properly enforce ACLs
  - debian/patches/30007_CVE-2008-1099.patch: update wikimacro.py and
    wikiutil.py to use request.user.may.read()
  - CVE-2008-1099

Author: Jamie Strandboge
Revision Date: 2009-01-27 16:15:53 UTC

* SECURITY UPDATE: cross-site scripting via rename parameter and
  basename variable
  - debian/patches/30001_CVE-2009-0260.patch: use wikiutil.escape() in
    MoinMoin/action/AttachFile.py
  - CVE-2009-0260
* SECURITY UPDATE: cross-site scripting via content variable
  - debian/pathes/30002_antispam_xss_fix.patch: use wikiutil.escape()
    in MoinMoin/util/antispam.py
  - CVE-2009-XXXX
* SECURITY UPDATE: cross-site scripting in login
  - debian/patches/30003_CVE-2008-0780.patch: update action/login.py to use
    wikiutil.escape() for name
  - CVE-2008-0780
  - LP: #200897
* SECURITY UPDATE: cross-site scripting in AttachFile
  - debian/patches/30004_CVE-2008-0781.patch: use wikiutil.escape() for
    msg, pagename and target filenames in MoinMoin/action/AttachFile.py
  - CVE-2008-0781
* SECURITY UPDATE: directory traversal vulnerability via MOIN_ID in userform
    cookie action
  - debian/patches/30005_CVE-2008-0782.patch: update MoinMoin/user.py to
    check USERID via the new id_sanitycheck() function
  - CVE-2008-0782
* SECURITY UPDATE: cross-site scripting in PageEditor
  - debian/patches/30006_CVE-2008-1098.patch: use wikiutil.escape() in
    MoinMoin/PageEditor.py
  - CVE-2008-1098
* SECURITY UPDATE: _macro_Getval does not properly enforce ACLs
  - debian/patches/30007_CVE-2008-1099.patch: update wikimacro.py and
    wikiutil.py to use request.user.may.read()
  - CVE-2008-1099