lp:ubuntu/hardy-security/moin

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-security/moin

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

21. By Marc Deslauriers

* SECURITY UPDATE: arbitrary script injection via multiple cross-site
  scripting issues.
  - debian/patches/30009_CVE-2010-2487,2969,2970.patch: properly escape
    strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py,
    MoinMoin/action/*.py.
  - CVE-2010-2487
  - CVE-2010-2969

20. By Jamie Strandboge

* SECURITY UPDATE: fix XSS in Despam action
  - debian/patches/30008_CVE-2010-0828.patch: use wikiutil.escape()
    in revert_pages()
  - CVE-2010-0828

19. By Jamie Strandboge

* SECURITY UPDATE: fix multiple CSRF vulnerabilities
  - debian/patches/30006_CVE-2010-0668.patch: add tickets to prevent CSRF
    attacks in several components.
  - CVE-2010-0668
* SECURITY UPDATE: properly sanitize user profiles
  - debian/patches/30007_CVE-2010-0669.patch: adjust userprefs/prefs.py,
    user.py and wikiutil.py to sanitize input
  - CVE-2010-0669

18. By Jamie Strandboge

* SECURITY UPDATE: cross-site scripting via rename parameter and
  basename variable
  - debian/patches/30001_CVE-2009-0260.patch: use wikiutil.escape() in
    MoinMoin/action/AttachFile.py
  - CVE-2009-0260
* SECURITY UPDATE: cross-site scripting via content variable
  - debian/patches/30002_antispam_xss_fix.patch: use wikiutil.escape()
    in MoinMoin/util/antispam.py
  - CVE-2009-XXXX
* SECURITY UPDATE: cross-site scripting in login
  - debian/patches/30003_CVE-2008-0780.patch: update action/login.py to use
    wikiutil.escape() for name
  - CVE-2008-0780
  - LP: #200897
* SECURITY UPDATE: cross-site scripting in AttachFile
  - debian/patches/30004_CVE-2008-0781.patch: use wikiutil.escape() for
    msg, pagename and target filenames in MoinMoin/action/AttachFile.py
  - CVE-2008-0781
* SECURITY UPDATE: directory traversal vulnerability via MOIN_ID in userform
    cookie action
  - debian/patches/30005_CVE-2008-0782.patch: update MoinMoin/user.py to
    check USERID via the new id_sanitycheck() function
  - CVE-2008-0782

17. By Matthias Klose

Do not suggest python-xml, but python-4suite-xml.

16. By Emanuele Gentili

* Merge with Debian (LP: #193869); remaining changes:
  - Suggest python-xml (needed for DocBook rendering). LP: #31728.

15. By Matthias Klose

* Merge with Debian; remaining changes:
  - Suggest python-xml (needed for DocBook rendering). LP: #31728.

14. By Matthias Klose

Suggest python-xml (needed for DocBook rendering). LP: #31728.

13. By Kees Cook

* Merge from debian unstable, remaining changes:
  - 11000_show_traceback_toggle.patch: allow for 'show_traceback=0' in
    Moin configurations.

12. By Kees Cook

* debian/patches/091_show-traceback-option.patch: allow for
  'show_traceback=0' in Moin configurations.
* References
  CVE-2007-0902

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/moin
This branch contains Public information 
Everyone can see this information.
