lp:ubuntu/intrepid-security/moin
- Get this branch:
- bzr branch lp:ubuntu/intrepid-security/moin
Recent revisions
- 25. By Jamie Strandboge
-
* SECURITY UPDATE: fix XSS in Despam action
- debian/patches/30006_CVE-2010-0828.patch: use wikiutil.escape()
in revert_pages()
- CVE-2010-0828
* SECURITY UPDATE: fix bypass of textcha protection
- debian/patches/30007_CVE-2010-1238.patch: make sure the question and
answer form fields are filled in
- CVE-2010-1238
- 24. By Jamie Strandboge
-
* SECURITY UPDATE: fix multiple CSRF vulnerabilities
- debian/patches/30004_CVE-2010-0668+0717.patch: add tickets to prevent
CSRF attacks in several components. Also required backporting fix for
"Mail account data" does not send mails.
- CVE-2010-0668
* SECURITY UPDATE: properly sanitize user profiles
- debian/patches/30005_CVE-2010-0669.patch: adjust userprefs/prefs.py,
user.py and wikiutil.py to sanitize input
- CVE-2010-0669
- 23. By Marc Deslauriers
-
* SECURITY UPDATE: Multiple XSS vulnerabilities in action/AttachFile.py
- debian/patches/30003_CVE-2009-1482.patch: escape msg, pagename and
attachment_name in MoinMoin/action/AttachFile.py.
- CVE-2009-1482
- 22. By Jamie Strandboge
-
* SECURITY UPDATE: cross-site scripting via rename parameter and
basename variable
- debian/patches/30001_CVE-2009-0260.patch: use wikiutil.escape() in
MoinMoin/action/AttachFile.py
- CVE-2009-0260
* SECURITY UPDATE: cross-site scripting via content variable
- debian/pathes/30002_antispam_xss_fix.patch: use wikiutil.escape()
in MoinMoin/security/antispam.py
- CVE-2009-XXXX
- 20. By Jonas Smedegaard <email address hidden>
-
* New upstream release. Closes: bug#492233, thanks to Teodor.
+ Fixes bogus empty page creation. Closes: bug#489146, thanks to
Sam Morris.
* Recommend python-xml, needed for RSS feeds. Closes: bug#488777,
thanks to Sam Morris.
* Add patch 10001 to disable RenderAsDocbook if python-xml is not
available. Closes: bug#487741, thanks to Franklin Piat.
* Update cdbs snippets:
+ Move dependency cleanup to new local snippet package-relations.mk.
+ Update copyright-check output to more closely match proposed new
copyright file format.
+ Update README.cdbs-tweaks.
- 19. By Emanuele Gentili
-
* SECURITY FIX: (LP: #248167)
+ debian/patches/20080713_XSS_advanced_search.diff
- XSS security issue for advanced search form: added escaping.
* References:
+ http://hg.moinmo.in/moin/1.7/rev/383196922b03
* debian/control:
- updated maintainer field.
- 18. By Jonas Smedegaard <email address hidden>
-
Simplify /etc/moin/wikilist format: "USER URL" (drop unneeded middle
CONFIG_DIR that was wrongly advertised as DATA_DIR). Make
moin-mass-migrate handle both formats and warn about deprecation of
the old one.
- 16. By Emanuele Gentili
-
* Merge with Debian (LP: #193869); remaining changes:
- Suggest python-xml (needed for DocBook rendering). LP: #31728.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/moin