lp:ubuntu/intrepid-updates/moin

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

25. By Jamie Strandboge on 2010-03-30

* SECURITY UPDATE: fix XSS in Despam action
  - debian/patches/30006_CVE-2010-0828.patch: use wikiutil.escape()
    in revert_pages()
  - CVE-2010-0828
* SECURITY UPDATE: fix bypass of textcha protection
  - debian/patches/30007_CVE-2010-1238.patch: make sure the question and
    answer form fields are filled in
  - CVE-2010-1238

24. By Jamie Strandboge on 2010-03-02

* SECURITY UPDATE: fix multiple CSRF vulnerabilities
  - debian/patches/30004_CVE-2010-0668+0717.patch: add tickets to prevent
    CSRF attacks in several components. Also required backporting fix for
    "Mail account data" does not send mails.
  - CVE-2010-0668
* SECURITY UPDATE: properly sanitize user profiles
  - debian/patches/30005_CVE-2010-0669.patch: adjust userprefs/prefs.py,
    user.py and wikiutil.py to sanitize input
  - CVE-2010-0669

23. By Marc Deslauriers on 2009-05-08

* SECURITY UPDATE: Multiple XSS vulnerabilities in action/AttachFile.py
  - debian/patches/30003_CVE-2009-1482.patch: escape msg, pagename and
    attachment_name in MoinMoin/action/AttachFile.py.
  - CVE-2009-1482

22. By Jamie Strandboge on 2009-01-27

* SECURITY UPDATE: cross-site scripting via rename parameter and
  basename variable
  - debian/patches/30001_CVE-2009-0260.patch: use wikiutil.escape() in
    MoinMoin/action/AttachFile.py
  - CVE-2009-0260
* SECURITY UPDATE: cross-site scripting via content variable
  - debian/pathes/30002_antispam_xss_fix.patch: use wikiutil.escape()
    in MoinMoin/security/antispam.py
  - CVE-2009-XXXX

21. By Matthias Klose on 2008-10-20

Drop recommendation of python-xml, the packages isn't anymore in
sys.path.

20. By Jonas Smedegaard <email address hidden> on 2008-07-24

* New upstream release. Closes: bug#492233, thanks to Teodor.
  + Fixes bogus empty page creation. Closes: bug#489146, thanks to
    Sam Morris.
* Recommend python-xml, needed for RSS feeds. Closes: bug#488777,
  thanks to Sam Morris.
* Add patch 10001 to disable RenderAsDocbook if python-xml is not
  available. Closes: bug#487741, thanks to Franklin Piat.
* Update cdbs snippets:
  + Move dependency cleanup to new local snippet package-relations.mk.
  + Update copyright-check output to more closely match proposed new
    copyright file format.
  + Update README.cdbs-tweaks.

19. By Emanuele Gentili on 2008-07-13

* SECURITY FIX: (LP: #248167)
 + debian/patches/20080713_XSS_advanced_search.diff
  - XSS security issue for advanced search form: added escaping.

* References:
 + http://hg.moinmo.in/moin/1.7/rev/383196922b03

* debian/control:
 - updated maintainer field.

18. By Jonas Smedegaard <email address hidden> on 2008-06-22

Simplify /etc/moin/wikilist format: "USER URL" (drop unneeded middle
CONFIG_DIR that was wrongly advertised as DATA_DIR). Make
moin-mass-migrate handle both formats and warn about deprecation of
the old one.

17. By Matthias Klose on 2008-02-27

Do not suggest python-xml, but python-4suite-xml.

16. By Emanuele Gentili on 2008-02-21

* Merge with Debian (LP: #193869); remaining changes:
  - Suggest python-xml (needed for DocBook rendering). LP: #31728.