lp://staging/ubuntu/jaunty-security/moin
- Get this branch:
- bzr branch lp://staging/ubuntu/jaunty-security/moin
Recent revisions
- 31. By Marc Deslauriers
* SECURITY UPDATE: arbitrary script injection via multiple cross-site
scripting issues.
- debian/patches/30006_CVE-2010-2487,2969,2970.patch: properly escape
strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py,
MoinMoin/action/*.py.
- CVE-2010-2487
- CVE-2010-2969

- 30. By Marc Deslauriers
* SECURITY UPDATE: restrictions bypass via incorrect acl checking
- debian/patches/30005_CVE-2009-4762.patch: don't check parents if item
has an ACL in MoinMoin/security/__init__.py.
- CVE-2009-4762

- 29. By Jamie Strandboge
* SECURITY UPDATE: fix XSS in Despam action
- debian/patches/30004_CVE-2010-0828.patch: use wikiutil.escape()
in revert_pages()
- CVE-2010-0828

- 28. By Jamie Strandboge
* SECURITY UPDATE: fix multiple CSRF vulnerabilities
- debian/patches/30002_CVE-2010-0668+0717.patch: add tickets to prevent
CSRF attacks in several components.
- CVE-2010-0668
* SECURITY UPDATE: properly sanitize user profiles
- debian/patches/30003_CVE-2010-0669.patch: adjust userprefs/prefs.py,
user.py and wikiutil.py to sanitize input
- CVE-2010-0669

- 27. By Marc Deslauriers
* SECURITY UPDATE: Multiple XSS vulnerabilities in action/AttachFile.py
- debian/patches/30001_security_CVE-2009-1482.patch: escape msg,
pagename and attachment_name in MoinMoin/action/AttachFile.py.
- CVE-2009-1482

- 26. By Steve Langasek
Demote fckeditor from Recommends to Suggests; the code was
previously embedded in moin, but it was also disabled, so there's no
reason for us to pull this in by default currently.

- 25. By Alessio Treglia
* Merge from debian unstable (LP: #350287), Ubuntu remaining changes:
- Remove python-xml from Recommends field, the package isn't anymore in
sys.path.
* debian/patches/10002_encodeAddress_fix_MIME_spacing.patch:
- Headers are malformed in notification email when, in mail_from, there is
a phrase before the angle address that gets encoded.
Thanks to Matthias Andree for the patch (LP: #348960).
* debian/rules:
- Add --install-layout=deb option to install everything in /usr instead of
/usr/local, fix FTBFS.

- 24. By Alessio Treglia
* Merge from debian unstable (LP: #322890), Ubuntu remaining changes:
- Remove python-xml from Recommends field, the package isn't anymore in
sys.path.

- 23. By Bhavani Shankar
* Merge from debian unstable, remaining changes: LP: #313687
- Drop recommendation of python-xml, the package isn't anymore in
sys.path.

- 22. By Michael Vogt
* Merge from debian unstable, remaining changes:
- Drop recommendation of python-xml, the package isn't anymore in
sys.path.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/natty/moin