Branches for Quantal

Author: Marc Deslauriers
Revision Date: 2012-10-10 10:13:05 UTC

* SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
  - debian/patches/CVE-2011-1058.patch: remove javascript support in
    MoinMoin/parser/text_rst.py.
  - CVE-2011-1058
* SECURITY UPDATE: incorrect permissions due to broken virtual group
  names handling
  - debian/patches/CVE-2012-4404.patch: fix group test in
    MoinMoin/security/__init__.py, added test in
    MoinMoin/security/_tests/test_security.py.
  - CVE-2012-4404

Author: Jamie Strandboge
Revision Date: 2012-12-29 18:22:20 UTC

* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
  - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
    action/twikidraw.py to use wikiutil.taintfilename()
  - CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
  - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
    wikiutil.taintfilename()
  - CVE-2012-YYYY

Author: Jamie Strandboge
Revision Date: 2012-12-29 18:22:20 UTC

* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
  - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
    action/twikidraw.py to use wikiutil.taintfilename()
  - CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
  - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
    wikiutil.taintfilename()
  - CVE-2012-YYYY