lp:ubuntu/hardy-security/moin
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/moin
Recent revisions
- 21. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary script injection via multiple cross-site
scripting issues.
- debian/patches/30009_CVE-2010-2487,2969,2970.patch: properly escape
strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py,
MoinMoin/action/*.py.
- CVE-2010-2487
- CVE-2010-2969
- 20. By Jamie Strandboge
-
* SECURITY UPDATE: fix XSS in Despam action
- debian/patches/30008_CVE-2010-0828.patch: use wikiutil.escape()
in revert_pages()
- CVE-2010-0828
- 19. By Jamie Strandboge
-
* SECURITY UPDATE: fix multiple CSRF vulnerabilities
- debian/patches/30006_CVE-2010-0668.patch: add tickets to prevent CSRF
attacks in several components.
- CVE-2010-0668
* SECURITY UPDATE: properly sanitize user profiles
- debian/patches/30007_CVE-2010-0669.patch: adjust userprefs/prefs.py,
user.py and wikiutil.py to sanitize input
- CVE-2010-0669
- 18. By Jamie Strandboge
-
* SECURITY UPDATE: cross-site scripting via rename parameter and
basename variable
- debian/patches/30001_CVE-2009-0260.patch: use wikiutil.escape() in
MoinMoin/action/AttachFile.py
- CVE-2009-0260
* SECURITY UPDATE: cross-site scripting via content variable
- debian/pathes/30002_antispam_xss_fix.patch: use wikiutil.escape()
in MoinMoin/util/antispam.py
- CVE-2009-XXXX
* SECURITY UPDATE: cross-site scripting in login
- debian/patches/30003_CVE-2008-0780.patch: update action/login.py to use
wikiutil.escape() for name
- CVE-2008-0780
- LP: #200897
* SECURITY UPDATE: cross-site scripting in AttachFile
- debian/patches/30004_CVE-2008-0781.patch: use wikiutil.escape() for
msg, pagename and target filenames in MoinMoin/action/AttachFile.py
- CVE-2008-0781
* SECURITY UPDATE: directory traversal vulnerability via MOIN_ID in userform
cookie action
- debian/patches/30005_CVE-2008-0782.patch: update MoinMoin/user.py to
check USERID via the new id_sanitycheck() function
- CVE-2008-0782
- 16. By Emanuele Gentili
-
* Merge with Debian (LP: #193869); remaining changes:
- Suggest python-xml (needed for DocBook rendering). LP: #31728.
- 15. By Matthias Klose
-
* Merge with Debian; remaining changes:
- Suggest python-xml (needed for DocBook rendering). LP: #31728.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/moin