lp:ubuntu/oneiric-security/moin

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/oneiric-security/moin

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

36. By Jamie Strandboge

* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
  - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
    action/twikidraw.py to use wikiutil.taintfilename()
  - CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
  - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
    wikiutil.taintfilename()
  - CVE-2012-YYYY

35. By Marc Deslauriers

* SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
  - debian/patches/CVE-2011-1058.patch: remove javascript support in
    MoinMoin/parser/text_rst.py.
  - CVE-2011-1058
* SECURITY UPDATE: incorrect permissions due to broken virtual group
  names handling
  - debian/patches/CVE-2012-4404.patch: fix group test in
    MoinMoin/security/__init__.py, added test in
    MoinMoin/security/_tests/test_security.py.
  - CVE-2012-4404

34. By Clint Byrum

* Merge from Debian unstable (LP: #586518). Based on work by Stefan Ebner.
  Remaining changes:
  - Remove python-xml from Suggests field, the package is no longer in
    sys.path.
  - Demote fckeditor from Recommends to Suggests; the code was previously
    embedded in moin, but it was also disabled, so there's no reason
    for us to pull this in by default currently. Note: fckeditor has a
    number of security problems and so this change probably needs to be
    carried indefinitely.

33. By Thierry Carrez

debian/rules: Avoid pulling libapache2-mod-wsgi by default, by recommending
"apache2 | httpd-cgi" instead of "libapache2-mod-wsgi | httpd-cgi".
Suggest libapache2-mod-wsgi instead. That prevents us from needing to rush
libapache2-mod-wsgi in main one week before release.

32. By Jamie Strandboge

* Debian declares python-werkzeug and python-parsedatetime as Depends and
  python-xappy as Recommends, however these packages are in universe,
  which breaks Ubuntu policy (section 2.2.1). Until these packages can be
  added to main, use the embedded copies in moin.
  - debian/patches/ubuntu_use_embedded_for_main.patch: update setup.py
  - debian/rules: update CDBS_DEPENDS and CDBS_RECOMMENDS for the above
* SECURITY UPDATE: fix XSS in Despam action
  - debian/patches/CVE-2010-0828.patch: use wikiutil.escape() in
    revert_pages()
  - CVE-2010-0828

31. By Jamie Strandboge

* Merge from Debian testing (LP: #521834). Based on work by Stefan Ebner.
  Remaining changes:
  - Remove python-xml from Suggests field, the package is no longer in
    sys.path.
  - Demote fckeditor from Recommends to Suggests; the code was previously
    embedded in moin, but it was also disabled, so there's no reason for us
    to pull this in by default currently. Note: This isn't necessary anymore
    but needs a MIR for fckeditor, so postpone dropping this change until
    lucid+1
* debian/rules:
  - Replace hardcoded python2.5 with python* and hardcode python2.6 for ln
* debian/control.in: drop versioned depends on cdbs

30. By Matthias Klose

Rebuild dropping the extension for python2.5.

29. By Bhavani Shankar

* Merge from Debian unstable, remaining changes: LP: #395833
  - debian/rules:
    - Add --install-layout=deb option to install everything in /usr instead
      of /usr/local.
    - Remove python-xml from Recommends field, the package is no longer in
      sys.path.
    - Demote fckeditor from Recommends to Suggests; the code was
      previously embedded in moin, but it was also disabled, so there's no
      reason for us to pull this in by default currently.

28. By Steve Langasek

* Merge from Debian unstable, remaining changes:
  - debian/rules:
    - Add --install-layout=deb option to install everything in /usr instead
      of /usr/local.
    - Remove python-xml from Recommends field, the package is no longer in
      sys.path.
    - Demote fckeditor from Recommends to Suggests; the code was
      previously embedded in moin, but it was also disabled, so there's no
      reason for us to pull this in by default currently.

27. By Steve Langasek

* Merge from Debian unstable, remaining changes:
  - debian/rules:
    - Add --install-layout=deb option to install everything in /usr instead
      of /usr/local.
    - Remove python-xml from Recommends field, the package is no longer in
      sys.path.
    - Demote fckeditor from Recommends to Suggests; the code was
      previously embedded in moin, but it was also disabled, so there's no
      reason for us to pull this in by default currently.
* Dropped patch 10002_encodeAddress_fix_MIME_spacing.patch, merged upstream.
* Recommend default-mta | mail-transport-agent instead of exim4 | m-t-a,
  so that we can pull postfix by default on Ubuntu.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/quantal/moin