Change log for moin package in Ubuntu
moin (1.9.8-1ubuntu1.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - debian/patches/CVE-2020-15275.patch: fix stored XSS vulnerability via SVG attachment in MoinMoin/config/__init__.py, MoinMoin/config/multiconfig.py.
    - CVE-2020-15275
  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2020-25074.patch: fix remote code execution via cache action in MoinMoin/action/cache.py.
    - CVE-2020-25074

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 10 Nov 2020 09:46:18 -0300
moin (1.9.9-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: XSS vulnerability
    - debian/patches/CVE-2020-15275.patch: fix stored XSS vulnerability via SVG attachment in MoinMoin/config/__init__.py, MoinMoin/config/multiconfig.py.
    - CVE-2020-15275
  * SECURITY UPDATE: Remote code execution
    - debian/patches/CVE-2020-25074.patch: fix remote code execution via cache action in MoinMoin/action/cache.py.
    - CVE-2020-25074

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 10 Nov 2020 09:28:46 -0300
Deleted in focal-release (Reason: (From Debian) RoQA; python2-only; will be replaced by moi...) |
Deleted in focal-proposed (Reason: moved to Release) |
moin (1.9.9-1+deb9u1ubuntu1) focal; urgency=medium

  * Use python2.

 -- Matthias Klose <email address hidden>  Wed, 15 Jan 2020 13:09:58 +0100
Superseded in focal-release |
Obsolete in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
moin (1.9.9-1+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * XSS in GUI editor related code (CVE-2017-5934) (Closes: #910776)

 -- Salvatore Bonaccorso <email address hidden>  Thu, 11 Oct 2018 20:54:28 +0200
Superseded in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
Obsolete in cosmic-updates |
Obsolete in cosmic-security |
moin (1.9.9-1ubuntu1.18.10.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: XSS in GUI editor
    - debian/patches/CVE-2017-5934.patch: fix in MoinMoin/action/fckdialog.py.
    - CVE-2017-5934

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 22 Oct 2018 10:54:19 -0300
moin (1.9.9-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: XSS in GUI editor
    - debian/patches/CVE-2017-5934.patch: fix in MoinMoin/action/fckdialog.py.
    - CVE-2017-5934

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 15 Oct 2018 14:38:19 -0300
moin (1.9.8-1ubuntu1.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS in GUI editor
    - debian/patches/CVE-2017-5934.patch: fix in MoinMoin/action/fckdialog.py.
    - CVE-2017-5934

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 15 Oct 2018 14:31:35 -0300
moin (1.9.7-1ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: XSS in GUI editor
    - debian/patches/CVE-2017-5934.patch: fix in MoinMoin/action/fckdialog.py.
    - CVE-2017-5934

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 15 Oct 2018 13:40:09 -0300
Superseded in disco-release |
Obsolete in cosmic-release |
Superseded in cosmic-release |
Published in bionic-release |
Obsolete in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
moin (1.9.9-1ubuntu1) zesty; urgency=medium

  * Merge from debian, remaining changes:
    + debian/control:
      - remove python-xml from Suggests field, the package isn't in sys.path any more.
      - demote fckeditor from Recommends to Suggests; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: fckeditor has a number of security problems and so this change probably needs to be carried indefinitely.
      - Drop python-mysqldb in favor of python-pymysql.
    + debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb.
  * Drop the following patches, no longer needed:
    - debian/patches/CVE-2016-7146.patch
    - debian/patches/CVE-2016-7148.patch
    - debian/patches/CVE-2016-9119.patch

 -- Jon Grimm <email address hidden>  Tue, 07 Feb 2017 15:13:22 -0600
moin (1.9.8-1ubuntu1.16.10.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: XSS in attachment dialogue
    - debian/patches/CVE-2016-7146.patch: properly escape page_name in MoinMoin/action/fckdialog.py.
    - CVE-2016-7146
  * SECURITY UPDATE: XSS in AttachFile view
    - debian/patches/CVE-2016-7148.patch: properly escape pagename in MoinMoin/action/AttachFile.py.
    - CVE-2016-7148
  * SECURITY UPDATE: XSS in link dialogue
    - debian/patches/CVE-2016-9119.patch: properly escape strings in MoinMoin/action/fckdialog.py.
    - CVE-2016-9119

 -- Marc Deslauriers <email address hidden>  Tue, 22 Nov 2016 07:45:20 -0500
moin (1.9.8-1ubuntu1.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: XSS in attachment dialogue
    - debian/patches/CVE-2016-7146.patch: properly escape page_name in MoinMoin/action/fckdialog.py.
    - CVE-2016-7146
  * SECURITY UPDATE: XSS in AttachFile view
    - debian/patches/CVE-2016-7148.patch: properly escape pagename in MoinMoin/action/AttachFile.py.
    - CVE-2016-7148
  * SECURITY UPDATE: XSS in link dialogue
    - debian/patches/CVE-2016-9119.patch: properly escape strings in MoinMoin/action/fckdialog.py.
    - CVE-2016-9119

 -- Marc Deslauriers <email address hidden>  Tue, 22 Nov 2016 07:45:20 -0500
moin (1.9.8-1ubuntu2) zesty; urgency=medium

  * SECURITY UPDATE: XSS in attachment dialogue
    - debian/patches/CVE-2016-7146.patch: properly escape page_name in MoinMoin/action/fckdialog.py.
    - CVE-2016-7146
  * SECURITY UPDATE: XSS in AttachFile view
    - debian/patches/CVE-2016-7148.patch: properly escape pagename in MoinMoin/action/AttachFile.py.
    - CVE-2016-7148
  * SECURITY UPDATE: XSS in link dialogue
    - debian/patches/CVE-2016-9119.patch: properly escape strings in MoinMoin/action/fckdialog.py.
    - CVE-2016-9119

 -- Marc Deslauriers <email address hidden>  Tue, 22 Nov 2016 07:45:20 -0500
moin (1.9.7-1ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: XSS in attachment dialogue
    - debian/patches/CVE-2016-7146.patch: properly escape page_name in MoinMoin/action/fckdialog.py.
    - CVE-2016-7146
  * SECURITY UPDATE: XSS in link dialogue
    - debian/patches/CVE-2016-9119.patch: properly escape strings in MoinMoin/action/fckdialog.py.
    - CVE-2016-9119

 -- Marc Deslauriers <email address hidden>  Tue, 22 Nov 2016 07:53:09 -0500
moin (1.9.3-1ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: XSS in attachment dialogue
    - debian/patches/CVE-2016-7146.patch: properly escape page_name in MoinMoin/action/fckdialog.py.
    - CVE-2016-7146
  * SECURITY UPDATE: XSS in link dialogue
    - debian/patches/CVE-2016-9119.patch: properly escape strings in MoinMoin/action/fckdialog.py.
    - CVE-2016-9119

 -- Marc Deslauriers <email address hidden>  Tue, 22 Nov 2016 07:54:06 -0500
Superseded in zesty-release |
Obsolete in yakkety-release |
Published in xenial-release |
Deleted in xenial-proposed (Reason: moved to release) |
moin (1.9.8-1ubuntu1) xenial; urgency=medium

  * Merge from debian, remaining changes:
    + debian/control:
      - remove python-xml from Suggests field, the package isn't in sys.path any more.
      - demote fckeditor from Recommends to Suggests; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: fckeditor has a number of security problems and so this change probably needs to be carried indefinitely.
      - Drop python-mysqldb in favor of python-pymysql.
    + debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb.
Superseded in xenial-release |
Obsolete in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
moin (1.9.7-2ubuntu3) wily; urgency=medium

  * debian/patches/pymysql-replacement.patch: Use pymysql as drop in replacement for MySQLdb.

 -- Corey Bryant <email address hidden>  Tue, 25 Aug 2015 15:30:19 -0400
Available diffs
- diff from 1.9.7-2ubuntu2 to 1.9.7-2ubuntu3 (675 bytes)
moin (1.9.7-2ubuntu2) wily; urgency=medium

  * debian/control: Drop python-mysqldb in favor of python-pymysql.

 -- Corey Bryant <email address hidden>  Mon, 24 Aug 2015 10:52:14 -0400
Available diffs
- diff from 1.9.7-2ubuntu1 to 1.9.7-2ubuntu2 (789 bytes)
Superseded in wily-release |
Obsolete in vivid-release |
Obsolete in utopic-release |
Deleted in utopic-proposed (Reason: moved to release) |
moin (1.9.7-2ubuntu1) utopic; urgency=medium

  * Merge from Debian unstable (LP: #1351331). Remaining changes:
  * debian/control:
    - remove python-xml from Suggests field, the package isn't in sys.path any more.
    - demote fckeditor from Recommends to Suggests; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: fckeditor has a number of security problems and so this change probably needs to be carried indefinitely.
Available diffs
- diff from 1.9.7-1ubuntu2 to 1.9.7-2ubuntu1 (54.1 KiB)
Superseded in utopic-release |
Published in trusty-release |
Deleted in trusty-proposed (Reason: moved to release) |
moin (1.9.7-1ubuntu2) trusty; urgency=medium

  * Rebuild to drop files installed into /usr/share/pyshared.

 -- Matthias Klose <email address hidden>  Sun, 23 Feb 2014 13:48:55 +0000
Available diffs
- diff from 1.9.7-1ubuntu1 to 1.9.7-1ubuntu2 (327 bytes)
moin (1.9.7-1ubuntu1) trusty; urgency=medium

  * Merge with Debian; remaining changes:
  * debian/control:
    - remove python-xml from Suggests field, the package isn't in sys.path any more.
    - demote fckeditor from Recommends to Suggests; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: fckeditor has a number of security problems and so this change probably needs to be carried indefinitely.
Available diffs
- diff from 1.9.5-5ubuntu1 to 1.9.7-1ubuntu1 (235.3 KiB)
Superseded in trusty-release |
Obsolete in saucy-release |
Deleted in saucy-proposed (Reason: moved to release) |
moin (1.9.5-5ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
  * debian/control:
    - remove python-xml from Suggests field, the package isn't in sys.path any more.
    - demote fckeditor from Recommends to Suggests; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: fckeditor has a number of security problems and so this change probably needs to be carried indefinitely.

 -- Sebastien Bacher <email address hidden>  Thu, 16 May 2013 11:56:01 +0200
Superseded in saucy-release |
Obsolete in raring-release |
Deleted in raring-proposed (Reason: moved to release) |
moin (1.9.5-4ubuntu1) raring-proposed; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/rules: remove python-xml from CDBS_SUGGESTS field, the package isn't in sys.path any more.
    - debian/rules: demote fckeditor from CDBS_RECOMMENDS to CDBS_SUGGESTS; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: fckeditor has a number of security problems and so this change probably needs to be carried indefinitely.
  * Dropped the following patches, no longer needed:
    - debian/patches/CVE-2012-XXXX.patch
    - debian/patches/CVE-2012-YYYY.patch
moin (1.9.5-1ubuntu2) raring-proposed; urgency=low

  * SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
    - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and action/twikidraw.py to use wikiutil.taintfilename()
    - CVE-2012-XXXX
  * SECURITY UPDATE: path traversal via AttachFile
    - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use wikiutil.taintfilename()
    - CVE-2012-YYYY

 -- Jamie Strandboge <email address hidden>  Sat, 29 Dec 2012 18:24:10 -0600
moin (1.9.3-1ubuntu3.1) quantal-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
    - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and action/twikidraw.py to use wikiutil.taintfilename()
    - CVE-2012-XXXX
  * SECURITY UPDATE: path traversal via AttachFile
    - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use wikiutil.taintfilename()
    - CVE-2012-YYYY

 -- Jamie Strandboge <email address hidden>  Sat, 29 Dec 2012 18:22:20 -0600
moin (1.9.3-1ubuntu1.11.10.2) oneiric-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
    - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and action/twikidraw.py to use wikiutil.taintfilename()
    - CVE-2012-XXXX
  * SECURITY UPDATE: path traversal via AttachFile
    - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use wikiutil.taintfilename()
    - CVE-2012-YYYY

 -- Jamie Strandboge <email address hidden>  Sat, 29 Dec 2012 18:18:00 -0600
moin (1.9.3-1ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
    - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and action/twikidraw.py to use wikiutil.taintfilename()
    - CVE-2012-XXXX
  * SECURITY UPDATE: path traversal via AttachFile
    - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use wikiutil.taintfilename()
    - CVE-2012-YYYY

 -- Jamie Strandboge <email address hidden>  Sat, 29 Dec 2012 18:20:21 -0600
moin (1.9.2-2ubuntu3.3) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
    - debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and action/twikidraw.py to use wikiutil.taintfilename()
    - CVE-2012-XXXX
  * SECURITY UPDATE: path traversal via AttachFile
    - debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use wikiutil.taintfilename()
    - CVE-2012-YYYY

 -- Jamie Strandboge <email address hidden>  Sat, 29 Dec 2012 18:14:52 -0600
moin (1.9.5-1ubuntu1) raring; urgency=low

  * Merge from Debian unstable (LP: #1046616). Remaining changes:
    - Remove python-xml from Suggests field, the package isn't anymore in sys.path.
    - Demote fckeditor from Recommends to Suggests; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: fckeditor has a number of security problems and so this change probably needs to be carried indefinitely.
moin (1.9.3-1ubuntu3) quantal; urgency=low

  * SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
    - debian/patches/CVE-2011-1058.patch: remove javascript support in MoinMoin/parser/text_rst.py.
    - CVE-2011-1058
  * SECURITY UPDATE: incorrect permissions due to broken virtual group names handling
    - debian/patches/CVE-2012-4404.patch: fix group test in MoinMoin/security/__init__.py, added test in MoinMoin/security/_tests/test_security.py.
    - CVE-2012-4404

 -- Marc Deslauriers <email address hidden>  Wed, 10 Oct 2012 10:13:05 -0400
moin (1.9.3-1ubuntu2.1) precise-security; urgency=low

  * SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
    - debian/patches/CVE-2011-1058.patch: remove javascript support in MoinMoin/parser/text_rst.py.
    - CVE-2011-1058
  * SECURITY UPDATE: incorrect permissions due to broken virtual group names handling
    - debian/patches/CVE-2012-4404.patch: fix group test in MoinMoin/security/__init__.py, added test in MoinMoin/security/_tests/test_security.py.
    - CVE-2012-4404

 -- Marc Deslauriers <email address hidden>  Wed, 10 Oct 2012 10:18:19 -0400
moin (1.9.3-1ubuntu1.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
    - debian/patches/CVE-2011-1058.patch: remove javascript support in MoinMoin/parser/text_rst.py.
    - CVE-2011-1058
  * SECURITY UPDATE: incorrect permissions due to broken virtual group names handling
    - debian/patches/CVE-2012-4404.patch: fix group test in MoinMoin/security/__init__.py, added test in MoinMoin/security/_tests/test_security.py.
    - CVE-2012-4404

 -- Marc Deslauriers <email address hidden>  Wed, 10 Oct 2012 10:19:19 -0400
moin (1.9.3-1ubuntu1.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
    - debian/patches/CVE-2011-1058.patch: remove javascript support in MoinMoin/parser/text_rst.py.
    - CVE-2011-1058
  * SECURITY UPDATE: incorrect permissions due to broken virtual group names handling
    - debian/patches/CVE-2012-4404.patch: fix group test in MoinMoin/security/__init__.py, added test in MoinMoin/security/_tests/test_security.py.
    - CVE-2012-4404

 -- Marc Deslauriers <email address hidden>  Wed, 10 Oct 2012 10:20:46 -0400
moin (1.9.2-2ubuntu3.2) lucid-security; urgency=low

  * SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
    - debian/patches/CVE-2011-1058.patch: remove javascript support in MoinMoin/parser/text_rst.py.
    - CVE-2011-1058
  * SECURITY UPDATE: incorrect permissions due to broken virtual group names handling
    - debian/patches/CVE-2012-4404.patch: fix group test in MoinMoin/security/__init__.py, added test in MoinMoin/security/_tests/test_security.py.
    - CVE-2012-4404

 -- Marc Deslauriers <email address hidden>  Wed, 10 Oct 2012 10:22:03 -0400
moin (1.9.3-1ubuntu2) precise; urgency=low

  * Build using dh_python2

 -- Matthias Klose <email address hidden>  Sat, 17 Dec 2011 13:16:29 +0000
Available diffs
- diff from 1.9.3-1 (in Debian) to 1.9.3-1ubuntu2 (3.4 KiB)
- diff from 1.9.3-1ubuntu1 to 1.9.3-1ubuntu2 (730 bytes)
moin (1.5.2-1ubuntu2.7) dapper-security; urgency=low

  * SECURITY UPDATE: arbitrary script injection via multiple cross-site scripting issues.
    - debian/patches/103_CVE-2010-2487,2969,2970.patch: properly escape strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py, MoinMoin/action/*.py.
    - CVE-2010-2487
    - CVE-2010-2969

 -- Marc Deslauriers <email address hidden>  Fri, 20 Aug 2010 13:47:29 -0400
moin (1.5.8-5.1ubuntu2.5) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary script injection via multiple cross-site scripting issues.
    - debian/patches/30009_CVE-2010-2487,2969,2970.patch: properly escape strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py, MoinMoin/action/*.py.
    - CVE-2010-2487
    - CVE-2010-2969

 -- Marc Deslauriers <email address hidden>  Fri, 20 Aug 2010 13:37:52 -0400
moin (1.8.2-2ubuntu2.5) jaunty-security; urgency=low

  * SECURITY UPDATE: arbitrary script injection via multiple cross-site scripting issues.
    - debian/patches/30006_CVE-2010-2487,2969,2970.patch: properly escape strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py, MoinMoin/action/*.py.
    - CVE-2010-2487
    - CVE-2010-2969

 -- Marc Deslauriers <email address hidden>  Fri, 20 Aug 2010 11:01:45 -0400
moin (1.8.4-1ubuntu1.3) karmic-security; urgency=low

  * SECURITY UPDATE: arbitrary script injection via multiple cross-site scripting issues.
    - debian/patches/30003_CVE-2010-2487,2969,2970.patch: properly escape strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py, MoinMoin/action/*.py.
    - CVE-2010-2487
    - CVE-2010-2969

 -- Marc Deslauriers <email address hidden>  Fri, 20 Aug 2010 10:49:14 -0400
moin (1.9.2-2ubuntu3.1) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary script injection via multiple cross-site scripting issues.
    - debian/patches/CVE-2010-2487,2969,2970.patch: properly escape strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py, MoinMoin/action/*.py.
    - CVE-2010-2487
    - CVE-2010-2969
    - CVE-2010-2970

 -- Marc Deslauriers <email address hidden>  Fri, 20 Aug 2010 10:37:01 -0400
Superseded in precise-release |
Obsolete in oneiric-release |
Obsolete in natty-release |
Obsolete in maverick-release |
moin (1.9.3-1ubuntu1) maverick; urgency=low

  * Merge from Debian unstable (LP: #586518). Based on work by Stefan Ebner. Remaining changes:
    - Remove python-xml from Suggests field, the package isn't anymore in sys.path.
    - Demote fckeditor from Recommends to Suggests; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: fckeditor has a number of security problems and so this change probably needs to be carried indefinitely.
Available diffs
- diff from 1.9.3-1 (in Debian) to 1.9.3-1ubuntu1 (3.1 KiB)
- diff from 1.9.2-2ubuntu3 to 1.9.3-1ubuntu1 (326.3 KiB)
moin (1.8.2-2ubuntu2.4) jaunty-security; urgency=low

  * SECURITY UPDATE: restrictions bypass via incorrect acl checking
    - debian/patches/30005_CVE-2009-4762.patch: don't check parents if item has an ACL in MoinMoin/security/__init__.py.
    - CVE-2009-4762

 -- Marc Deslauriers <email address hidden>  Tue, 18 May 2010 12:56:39 -0400
Available diffs
- diff from 1.8.2-2ubuntu2.3 to 1.8.2-2ubuntu2.4 (849 bytes)
moin (1.9.2-2ubuntu3) lucid; urgency=low

  * debian/rules: Avoid pulling libapache2-mod-wsgi by default, by recommending "apache2 | httpd-cgi" instead of "libapache2-mod-wsgi | httpd-cgi". Suggest libapache2-mod-wsgi instead. That prevents us from needing to rush libapache2-mod-wsgi in main one week before release.

 -- Thierry Carrez <email address hidden>  Fri, 23 Apr 2010 15:21:19 +0200
Available diffs
- diff from 1.9.2-2ubuntu2 to 1.9.2-2ubuntu3 (770 bytes)
moin (1.7.1-1ubuntu1.5) intrepid-security; urgency=low

  * SECURITY UPDATE: fix XSS in Despam action
    - debian/patches/30006_CVE-2010-0828.patch: use wikiutil.escape() in revert_pages()
    - CVE-2010-0828
  * SECURITY UPDATE: fix bypass of textcha protection
    - debian/patches/30007_CVE-2010-1238.patch: make sure the question and answer form fields are filled in
    - CVE-2010-1238

 -- Jamie Strandboge <email address hidden>  Tue, 30 Mar 2010 13:53:34 -0500
Superseded in lucid-release |
moin (1.9.2-2ubuntu2) lucid; urgency=low

  * Debian declares python-werkzeug and python-parsedatetime as Depends and python-xappy as Recommends, however these packages are in universe, which breaks Ubuntu policy (section 2.2.1). Until these packages can be added to main, use the embedded copies in moin.
    - debian/patches/ubuntu_use_embedded_for_main.patch: update setup.py
    - debian/rules: update CDBS_DEPENDS and CDBS_RECOMMENDS for the above
  * SECURITY UPDATE: fix XSS in Despam action
    - debian/patches/CVE-2010-0828.patch: use wikiutil.escape() in revert_pages()
    - CVE-2010-0828

 -- Jamie Strandboge <email address hidden>  Tue, 30 Mar 2010 15:09:54 -0500
moin (1.8.4-1ubuntu1.2) karmic-security; urgency=low

  * SECURITY UPDATE: fix XSS in Despam action
    - debian/patches/30002_CVE-2010-0828.patch: use wikiutil.escape() in revert_pages()
    - CVE-2010-0828

 -- Jamie Strandboge <email address hidden>  Tue, 30 Mar 2010 13:58:02 -0500
Available diffs
- diff from 1.8.4-1ubuntu1.1 to 1.8.4-1ubuntu1.2 (886 bytes)
moin (1.8.2-2ubuntu2.3) jaunty-security; urgency=low

  * SECURITY UPDATE: fix XSS in Despam action
    - debian/patches/30004_CVE-2010-0828.patch: use wikiutil.escape() in revert_pages()
    - CVE-2010-0828

 -- Jamie Strandboge <email address hidden>  Tue, 30 Mar 2010 13:55:32 -0500
Available diffs
- diff from 1.8.2-2ubuntu2.2 to 1.8.2-2ubuntu2.3 (887 bytes)
moin (1.5.8-5.1ubuntu2.4) hardy-security; urgency=low

  * SECURITY UPDATE: fix XSS in Despam action
    - debian/patches/30008_CVE-2010-0828.patch: use wikiutil.escape() in revert_pages()
    - CVE-2010-0828

 -- Jamie Strandboge <email address hidden>  Tue, 30 Mar 2010 13:51:01 -0500
moin (1.5.2-1ubuntu2.6) dapper-security; urgency=low

  * SECURITY UPDATE: fix XSS in Despam action
    - debian/patches/102_CVE-2010-0828.patch: use wikiutil.escape() in revert_pages()
    - CVE-2010-0828

 -- Jamie Strandboge <email address hidden>  Tue, 30 Mar 2010 13:47:10 -0500
Available diffs
- diff from 1.5.2-1ubuntu2.5 to 1.5.2-1ubuntu2.6 (870 bytes)
Superseded in lucid-release |
moin (1.9.2-2ubuntu1) lucid; urgency=low

  * Merge from Debian testing (LP: #521834). Based on work by Stefan Ebner. Remaining changes:
    - Remove python-xml from Suggests field, the package isn't anymore in sys.path.
    - Demote fckeditor from Recommends to Suggests; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: This isn't necessary anymore but needs a MIR for fckeditor, so postpone dropping this change until lucid+1
  * debian/rules:
    - Replace hardcoded python2.5 with python* and hardcode python2.6 for ln
  * debian/control.in: drop versioned depends on cdbs
moin (1.7.1-1ubuntu1.3) intrepid-security; urgency=low

  * SECURITY UPDATE: fix multiple CSRF vulnerabilities
    - debian/patches/30004_CVE-2010-0668+0717.patch: add tickets to prevent CSRF attacks in several components. Also required backporting fix for "Mail account data" does not send mails.
    - CVE-2010-0668
  * SECURITY UPDATE: properly sanitize user profiles
    - debian/patches/30005_CVE-2010-0669.patch: adjust userprefs/prefs.py, user.py and wikiutil.py to sanitize input
    - CVE-2010-0669

 -- Jamie Strandboge <email address hidden>  Tue, 02 Mar 2010 10:10:42 -0600