Ubuntu
moin package

~jgrimm/ubuntu/+source/moin:merge2-zesty-1.9.9-1ubuntu1

  1. Git
  2. lp:~jgrimm/ubuntu/+source/moin
  3. merge2-zesty-1.9.9-1ubuntu1
Last commit made on 2017-02-07
Get this branch:
git clone -b merge2-zesty-1.9.9-1ubuntu1 https://git.launchpad.net/~jgrimm/ubuntu/+source/moin
Only Jon Grimm can upload to this branch. If you are Jon Grimm please log in for upload directions.

Branch merges

Branch information

Name:
merge2-zesty-1.9.9-1ubuntu1
Repository:
lp:~jgrimm/ubuntu/+source/moin

Recent commits

164a75d... by Jon Grimm

update-maintainer

0bb6f71... by Jon Grimm

reconstruct-changelog

c324174... by Jon Grimm

merge-changelogs

10ddafc... by Jon Grimm

Drop * SECURITY UPDATE: XSS in link dialogue
    - debian/patches/CVE-2016-9119.patch: properly escape strings in
      MoinMoin/action/fckdialog.py.
    - CVE-2016-9119

0f72823... by Jon Grimm

Drop * SECURITY UPDATE: XSS in AttachFile view
    - debian/patches/CVE-2016-7148.patch: properly escape pagename in
      MoinMoin/action/AttachFile.py.
    - CVE-2016-7148

4292e2e... by Jon Grimm

Drop * SECURITY UPDATE: XSS in attachment dialogue
    - debian/patches/CVE-2016-7146.patch: properly escape page_name in
      MoinMoin/action/fckdialog.py.
    - CVE-2016-7146

6792367... by Jon Grimm

      - Drop python-mysqldb in favor of python-pymysql.
    + debian/patches/pymysql-replacement.patch: Use pymysql as drop in
      replacement for MySQLdb.

c91e553... by Jon Grimm

 - demote fckeditor from Recommends to Suggests; the code was previously
        embedded in moin, but it was also disabled, so there's no reason for us
        to pull this in by default currently. Note: fckeditor has a number of
        security problems

6df28fe... by Jon Grimm

     - remove python-xml from Suggests field, the package isn't in
        sys.path any more.

ada9973... by Steve McIntyre

Import patches-unapplied version 1.9.9-1 to debian/sid

Imported using usd-importer.

Publish parent: 315918e366e1de19a2213925c3c6eb958f475eb3

New changelog entries:
  * New upstream release, lots of bug fixes
  * Includes a few security updates:
    + CVE-2016-9119: XSS in GUI editor's link dialogue
      (Closes: #844338)
    + CVE-2016-7146: XSS in GUI editor's attachment dialogue
      (Closes:#844340)
    + CVE-2016-7148: XSS in AttachFile view (multifile related)
      (Closes: #844341)
  * Apply recommended patch from upstream: fix wrong digestmod of hmac.new
    calls
  * Update patches to fit upstream changes:
    + use_systemwide_libs.patch
    + mail-verification.patch
  * Add patch from Paul Wise to implement an incremental dump process in
    moin dump
  * Fix timestamps to make package build reproducibly. Thanks to Eduard
    Sanou for the patch. Closes: #794014