lp:ubuntu/precise-security/moin
- Get this branch:
- bzr branch lp:ubuntu/precise-security/moin
Recent revisions
- 37. By Jamie Strandboge
-
* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
- debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
action/twikidraw.py to use wikiutil.taintfilename()
- CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
- debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
wikiutil.taintfilename()
- CVE-2012-YYYY
- 36. By Marc Deslauriers
-
* SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
- debian/patches/CVE-2011-1058.patch: remove javascript support in
MoinMoin/parser/text_rst.py.
- CVE-2011-1058
* SECURITY UPDATE: incorrect permissions due to broken virtual group
names handling
- debian/patches/CVE-2012-4404.patch: fix group test in
MoinMoin/security/__init__.py, added test in
MoinMoin/security/_tests/test_security.py.
- CVE-2012-4404
- 34. By Clint Byrum
-
* Merge from Debian unstable (LP: #586518). Based on work by Stefan Ebner.
Remaining changes:
- Remove python-xml from Suggests field, the package isn't anymore in
sys.path.
- Demote fckeditor from Recommends to Suggests; the code was previously
embedded in moin, but it was also disabled, so there's no reason
for us to pull this in by default currently. Note: fckeditor has a
number of security problems and so this change probably needs to be
carried indefinitely.
- 33. By Thierry Carrez
-
debian/rules: Avoid pulling libapache2-mod-wsgi by default, by recommending
"apache2 | httpd-cgi" instead of "libapache2-mod-wsgi | httpd-cgi".
Suggest libapache2-mod-wsgi instead. That prevents us from needing to rush
libapache2-mod-wsgi in main one week before release.
- 32. By Jamie Strandboge
-
* Debian declares python-werkzeug and python-parsedatetime as Depends and
python-xappy as Recommends, however these packages are in universe,
which breaks Ubuntu policy (section 2.2.1). Until these packages can be
added to main, use the embedded copies in moin.
- debian/patches/ubuntu_use_embedded_for_main.patch: update setup.py
- debian/rules: update CDBS_DEPENDS and CDBS_RECOMMENDS for the above
* SECURITY UPDATE: fix XSS in Despam action
- debian/patches/CVE-2010-0828.patch: use wikiutil.escape() in
revert_pages()
- CVE-2010-0828
- 31. By Jamie Strandboge
-
* Merge from Debian testing (LP: #521834). Based on work by Stefan Ebner.
Remaining changes:
- Remove python-xml from Suggests field, the package isn't anymore in
sys.path.
- Demote fckeditor from Recommends to Suggests; the code was previously
embedded in moin, but it was also disabled, so there's no reason for us
to pull this in by default currently. Note: This isn't necessary anymore
but needs a MIR for fckeditor, so postpone dropping this change until
lucid+1
* debian/rules:
- Replace hardcoded python2.5 with python* and hardcode python2.6 for ln
* debian/control.in: drop versioned depends on cdbs
- 29. By Bhavani Shankar
-
* Merge from Debian unstable, remaining changes: LP: #395833
- debian/rules:
- Add --install-layout=deb option to install everything in /usr instead
of /usr/local.
- Remove python-xml from Recommends field, the package isn't anymore in
sys.path.
- Demote fckeditor from Recommends to Suggests; the code was
previously embedded in moin, but it was also disabled, so there's no
reason for us to pull this in by default currently.
- 28. By Steve Langasek
-
* Merge from Debian unstable, remaining changes:
- debian/rules:
- Add --install-layout=deb option to install everything in /usr instead
of /usr/local.
- Remove python-xml from Recommends field, the package isn't anymore in
sys.path.
- Demote fckeditor from Recommends to Suggests; the code was
previously embedded in moin, but it was also disabled, so there's no
reason for us to pull this in by default currently.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/quantal/moin