Change log for moin package in Ubuntu
| 1 → 50 of 98 results | First • Previous • Next • Last |
moin (1.9.8-1ubuntu1.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: XSS vulnerability
- debian/patches/CVE-2020-15275.patch: fix stored XSS vulnerability
via SVG attachment in MoinMoin/config/__init__.py,
MoinMoin/config/multiconfig.py.
- CVE-2020-15275
* SECURITY UPDATE: Remote code execution
- debian/patches/CVE-2020-25074.patch: fix remote code execution
via cache action in MoinMoin/action/cache.py.
- CVE-2020-25074
-- <email address hidden> (Leonidas S. Barbosa) Tue, 10 Nov 2020 09:46:18 -0300
Available diffs
moin (1.9.9-1ubuntu1.2) bionic-security; urgency=medium
* SECURITY UPDATE: XSS vulnerability
- debian/patches/CVE-2020-15275.patch: fix stored XSS vulnerability
via SVG attachment in MoinMoin/config/__init__.py,
MoinMoin/config/multiconfig.py.
- CVE-2020-15275
* SECURITY UPDATE: Remote code execution
- debian/patches/CVE-2020-25074.patch: fix remote code execution
via cache action in MoinMoin/action/cache.py.
- CVE-2020-25074
-- <email address hidden> (Leonidas S. Barbosa) Tue, 10 Nov 2020 09:28:46 -0300
Available diffs
| Deleted in focal-release (Reason: (From Debian) RoQA; python2-only; will be replaced by moi...) |
| Deleted in focal-proposed (Reason: moved to Release) |
moin (1.9.9-1+deb9u1ubuntu1) focal; urgency=medium * Use python2. -- Matthias Klose <email address hidden> Wed, 15 Jan 2020 13:09:58 +0100
Available diffs
| Superseded in focal-release |
| Obsolete in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
moin (1.9.9-1+deb9u1) stretch-security; urgency=high * Non-maintainer upload by the Security Team. * XSS in GUI editor related code (CVE-2017-5934) (Closes: #910776) -- Salvatore Bonaccorso <email address hidden> Thu, 11 Oct 2018 20:54:28 +0200
Available diffs
| Superseded in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
| Obsolete in cosmic-updates |
| Obsolete in cosmic-security |
moin (1.9.9-1ubuntu1.18.10.1) cosmic-security; urgency=medium
* SECURITY UPDATE: XSS in GUI editor
- debian/patches/CVE-2017-5934.patch: fix in MoinMoin/action/fckdialog.py.
- CVE-2017-5934
-- <email address hidden> (Leonidas S. Barbosa) Mon, 22 Oct 2018 10:54:19 -0300
Available diffs
moin (1.9.9-1ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: XSS in GUI editor
- debian/patches/CVE-2017-5934.patch: fix in MoinMoin/action/fckdialog.py.
- CVE-2017-5934
-- <email address hidden> (Leonidas S. Barbosa) Mon, 15 Oct 2018 14:38:19 -0300
Available diffs
moin (1.9.8-1ubuntu1.16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: XSS in GUI editor
- debian/patches/CVE-2017-5934.patch: fix in MoinMoin/action/fckdialog.py.
- CVE-2017-5934
-- <email address hidden> (Leonidas S. Barbosa) Mon, 15 Oct 2018 14:31:35 -0300
moin (1.9.7-1ubuntu2.2) trusty-security; urgency=medium
* SECURITY UPDATE: XSS in GUI editor
- debian/patches/CVE-2017-5934.patch: fix in MoinMoin/action/fckdialog.py.
- CVE-2017-5934
-- <email address hidden> (Leonidas S. Barbosa) Mon, 15 Oct 2018 13:40:09 -0300
Available diffs
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Superseded in cosmic-release |
| Published in bionic-release |
| Obsolete in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
moin (1.9.9-1ubuntu1) zesty; urgency=medium
* Merge from debian, remaining changes:
+ debian/control:
- remove python-xml from Suggests field, the package isn't in
sys.path any more.
- demote fckeditor from Recommends to Suggests; the code was previously
embedded in moin, but it was also disabled, so there's no reason for us
to pull this in by default currently. Note: fckeditor has a number of
security problems and so this change probably needs to be carried
indefinitely.
- Drop python-mysqldb in favor of python-pymysql.
+ debian/patches/pymysql-replacement.patch: Use pymysql as drop in
replacement for MySQLdb.
* Drop the following patches, no longer needed:
- debian/patches/CVE-2016-7146.patch
- debian/patches/CVE-2016-7148.patch
- debian/patches/CVE-2016-9119.patch
-- Jon Grimm <email address hidden> Tue, 07 Feb 2017 15:13:22 -0600
Available diffs
moin (1.9.8-1ubuntu1.16.10.1) yakkety-security; urgency=medium
* SECURITY UPDATE: XSS in attachment dialogue
- debian/patches/CVE-2016-7146.patch: properly escape page_name in
MoinMoin/action/fckdialog.py.
- CVE-2016-7146
* SECURITY UPDATE: XSS in AttachFile view
- debian/patches/CVE-2016-7148.patch: properly escape pagename in
MoinMoin/action/AttachFile.py.
- CVE-2016-7148
* SECURITY UPDATE: XSS in link dialogue
- debian/patches/CVE-2016-9119.patch: properly escape strings in
MoinMoin/action/fckdialog.py.
- CVE-2016-9119
-- Marc Deslauriers <email address hidden> Tue, 22 Nov 2016 07:45:20 -0500
Available diffs
moin (1.9.8-1ubuntu1.16.04.1) xenial-security; urgency=medium
* SECURITY UPDATE: XSS in attachment dialogue
- debian/patches/CVE-2016-7146.patch: properly escape page_name in
MoinMoin/action/fckdialog.py.
- CVE-2016-7146
* SECURITY UPDATE: XSS in AttachFile view
- debian/patches/CVE-2016-7148.patch: properly escape pagename in
MoinMoin/action/AttachFile.py.
- CVE-2016-7148
* SECURITY UPDATE: XSS in link dialogue
- debian/patches/CVE-2016-9119.patch: properly escape strings in
MoinMoin/action/fckdialog.py.
- CVE-2016-9119
-- Marc Deslauriers <email address hidden> Tue, 22 Nov 2016 07:45:20 -0500
Available diffs
moin (1.9.8-1ubuntu2) zesty; urgency=medium
* SECURITY UPDATE: XSS in attachment dialogue
- debian/patches/CVE-2016-7146.patch: properly escape page_name in
MoinMoin/action/fckdialog.py.
- CVE-2016-7146
* SECURITY UPDATE: XSS in AttachFile view
- debian/patches/CVE-2016-7148.patch: properly escape pagename in
MoinMoin/action/AttachFile.py.
- CVE-2016-7148
* SECURITY UPDATE: XSS in link dialogue
- debian/patches/CVE-2016-9119.patch: properly escape strings in
MoinMoin/action/fckdialog.py.
- CVE-2016-9119
-- Marc Deslauriers <email address hidden> Tue, 22 Nov 2016 07:45:20 -0500
Available diffs
moin (1.9.7-1ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: XSS in attachment dialogue
- debian/patches/CVE-2016-7146.patch: properly escape page_name in
MoinMoin/action/fckdialog.py.
- CVE-2016-7146
* SECURITY UPDATE: XSS in link dialogue
- debian/patches/CVE-2016-9119.patch: properly escape strings in
MoinMoin/action/fckdialog.py.
- CVE-2016-9119
-- Marc Deslauriers <email address hidden> Tue, 22 Nov 2016 07:53:09 -0500
Available diffs
moin (1.9.3-1ubuntu2.3) precise-security; urgency=medium
* SECURITY UPDATE: XSS in attachment dialogue
- debian/patches/CVE-2016-7146.patch: properly escape page_name in
MoinMoin/action/fckdialog.py.
- CVE-2016-7146
* SECURITY UPDATE: XSS in link dialogue
- debian/patches/CVE-2016-9119.patch: properly escape strings in
MoinMoin/action/fckdialog.py.
- CVE-2016-9119
-- Marc Deslauriers <email address hidden> Tue, 22 Nov 2016 07:54:06 -0500
Available diffs
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Published in xenial-release |
| Deleted in xenial-proposed (Reason: moved to release) |
moin (1.9.8-1ubuntu1) xenial; urgency=medium
* Merge from debian, remaining changes:
+ debian/control:
- remove python-xml from Suggests field, the package isn't in
sys.path any more.
- demote fckeditor from Recommends to Suggests; the code was previously
embedded in moin, but it was also disabled, so there's no reason for us
to pull this in by default currently. Note: fckeditor has a number of
security problems and so this change probably needs to be carried
indefinitely.
- Drop python-mysqldb in favor of python-pymysql.
+ debian/patches/pymysql-replacement.patch: Use pymysql as drop in
replacement for MySQLdb.
Available diffs
| Superseded in xenial-release |
| Obsolete in wily-release |
| Deleted in wily-proposed (Reason: moved to release) |
moin (1.9.7-2ubuntu3) wily; urgency=medium
* debian/patches/pymysql-replacement.patch: Use pymysql as drop in
replacement for MySQLdb.
-- Corey Bryant <email address hidden> Tue, 25 Aug 2015 15:30:19 -0400
Available diffs
- diff from 1.9.7-2ubuntu2 to 1.9.7-2ubuntu3 (675 bytes)
moin (1.9.7-2ubuntu2) wily; urgency=medium * debian/control: Drop python-mysqldb in favor of python-pymysql. -- Corey Bryant <email address hidden> Mon, 24 Aug 2015 10:52:14 -0400
Available diffs
- diff from 1.9.7-2ubuntu1 to 1.9.7-2ubuntu2 (789 bytes)
| Superseded in wily-release |
| Obsolete in vivid-release |
| Obsolete in utopic-release |
| Deleted in utopic-proposed (Reason: moved to release) |
moin (1.9.7-2ubuntu1) utopic; urgency=medium * Merge from Debian unstable (LP: #1351331). Remaining changes: * debian/control: - remove python-xml from Suggests field, the package isn't in sys.path any more. - demote fckeditor from Recommends to Suggests; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: fckeditor has a number of security problems and so this change probably needs to be carried indefinitely.
Available diffs
- diff from 1.9.7-1ubuntu2 to 1.9.7-2ubuntu1 (54.1 KiB)
| Superseded in utopic-release |
| Published in trusty-release |
| Deleted in trusty-proposed (Reason: moved to release) |
moin (1.9.7-1ubuntu2) trusty; urgency=medium * Rebuild to drop files installed into /usr/share/pyshared. -- Matthias Klose <email address hidden> Sun, 23 Feb 2014 13:48:55 +0000
Available diffs
- diff from 1.9.7-1ubuntu1 to 1.9.7-1ubuntu2 (327 bytes)
moin (1.9.7-1ubuntu1) trusty; urgency=medium
* Merge with Debian; remaining changes:
* debian/control:
- remove python-xml from Suggests field, the package isn't in
sys.path any more.
- demote fckeditor from Recommends to Suggests; the code was previously
embedded in moin, but it was also disabled, so there's no reason for us
to pull this in by default currently. Note: fckeditor has a number of
security problems and so this change probably needs to be carried
indefinitely.
Available diffs
- diff from 1.9.5-5ubuntu1 to 1.9.7-1ubuntu1 (235.3 KiB)
| Superseded in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
moin (1.9.5-5ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining changes:
* debian/control:
- remove python-xml from Suggests field, the package isn't in
sys.path any more.
- demote fckeditor from Recommends to Suggests; the code was previously
embedded in moin, but it was also disabled, so there's no reason for us
to pull this in by default currently. Note: fckeditor has a number of
security problems and so this change probably needs to be carried
indefinitely.
-- Sebastien Bacher <email address hidden> Thu, 16 May 2013 11:56:01 +0200
Available diffs
| Superseded in saucy-release |
| Obsolete in raring-release |
| Deleted in raring-proposed (Reason: moved to release) |
moin (1.9.5-4ubuntu1) raring-proposed; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/rules: remove python-xml from CDBS_SUGGESTS field, the package
isn't in sys.path any more.
- debian/rules: demote fckeditor from CDBS_RECOMMENDS to CDBS_SUGGESTS; the
code was previously embedded in moin, but it was also disabled, so
there's no reason for us to pull this in by default currently. Note:
fckeditor has a number of security problems and so this change probably
needs to be carried indefinitely.
* Dropped the following patches, no longer needed:
- debian/patches/CVE-2012-XXXX.patch
- debian/patches/CVE-2012-YYYY.patch
Available diffs
moin (1.9.5-1ubuntu2) raring-proposed; urgency=low
* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
- debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
action/twikidraw.py to use wikiutil.taintfilename()
- CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
- debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
wikiutil.taintfilename()
- CVE-2012-YYYY
-- Jamie Strandboge <email address hidden> Sat, 29 Dec 2012 18:24:10 -0600
Available diffs
moin (1.9.3-1ubuntu3.1) quantal-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
- debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
action/twikidraw.py to use wikiutil.taintfilename()
- CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
- debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
wikiutil.taintfilename()
- CVE-2012-YYYY
-- Jamie Strandboge <email address hidden> Sat, 29 Dec 2012 18:22:20 -0600
Available diffs
moin (1.9.3-1ubuntu1.11.10.2) oneiric-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
- debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
action/twikidraw.py to use wikiutil.taintfilename()
- CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
- debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
wikiutil.taintfilename()
- CVE-2012-YYYY
-- Jamie Strandboge <email address hidden> Sat, 29 Dec 2012 18:18:00 -0600
Available diffs
moin (1.9.3-1ubuntu2.2) precise-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
- debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
action/twikidraw.py to use wikiutil.taintfilename()
- CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
- debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
wikiutil.taintfilename()
- CVE-2012-YYYY
-- Jamie Strandboge <email address hidden> Sat, 29 Dec 2012 18:20:21 -0600
Available diffs
moin (1.9.2-2ubuntu3.3) lucid-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via anywikidraw/twikidraw
- debian/patches/CVE-2012-XXXX.patch: adjust action/anywikidraw.py and
action/twikidraw.py to use wikiutil.taintfilename()
- CVE-2012-XXXX
* SECURITY UPDATE: path traversal via AttachFile
- debian/patches/CVE-2012-YYYY.patch: adjust action/AttachFile.py to use
wikiutil.taintfilename()
- CVE-2012-YYYY
-- Jamie Strandboge <email address hidden> Sat, 29 Dec 2012 18:14:52 -0600
Available diffs
moin (1.9.5-1ubuntu1) raring; urgency=low * Merge from Debian unstable (LP: #1046616). Remaining changes: - Remove python-xml from Suggests field, the package isn't anymore in sys.path. - Demote fckeditor from Recommends to Suggests; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: fckeditor has a number of security problems and so this change probably needs to be carried indefinitely.
Available diffs
moin (1.9.3-1ubuntu3) quantal; urgency=low
* SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
- debian/patches/CVE-2011-1058.patch: remove javascript support in
MoinMoin/parser/text_rst.py.
- CVE-2011-1058
* SECURITY UPDATE: incorrect permissions due to broken virtual group
names handling
- debian/patches/CVE-2012-4404.patch: fix group test in
MoinMoin/security/__init__.py, added test in
MoinMoin/security/_tests/test_security.py.
- CVE-2012-4404
-- Marc Deslauriers <email address hidden> Wed, 10 Oct 2012 10:13:05 -0400
Available diffs
moin (1.9.3-1ubuntu2.1) precise-security; urgency=low
* SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
- debian/patches/CVE-2011-1058.patch: remove javascript support in
MoinMoin/parser/text_rst.py.
- CVE-2011-1058
* SECURITY UPDATE: incorrect permissions due to broken virtual group
names handling
- debian/patches/CVE-2012-4404.patch: fix group test in
MoinMoin/security/__init__.py, added test in
MoinMoin/security/_tests/test_security.py.
- CVE-2012-4404
-- Marc Deslauriers <email address hidden> Wed, 10 Oct 2012 10:18:19 -0400
Available diffs
moin (1.9.3-1ubuntu1.11.10.1) oneiric-security; urgency=low
* SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
- debian/patches/CVE-2011-1058.patch: remove javascript support in
MoinMoin/parser/text_rst.py.
- CVE-2011-1058
* SECURITY UPDATE: incorrect permissions due to broken virtual group
names handling
- debian/patches/CVE-2012-4404.patch: fix group test in
MoinMoin/security/__init__.py, added test in
MoinMoin/security/_tests/test_security.py.
- CVE-2012-4404
-- Marc Deslauriers <email address hidden> Wed, 10 Oct 2012 10:19:19 -0400
Available diffs
moin (1.9.3-1ubuntu1.11.04.1) natty-security; urgency=low
* SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
- debian/patches/CVE-2011-1058.patch: remove javascript support in
MoinMoin/parser/text_rst.py.
- CVE-2011-1058
* SECURITY UPDATE: incorrect permissions due to broken virtual group
names handling
- debian/patches/CVE-2012-4404.patch: fix group test in
MoinMoin/security/__init__.py, added test in
MoinMoin/security/_tests/test_security.py.
- CVE-2012-4404
-- Marc Deslauriers <email address hidden> Wed, 10 Oct 2012 10:20:46 -0400
Available diffs
moin (1.9.2-2ubuntu3.2) lucid-security; urgency=low
* SECURITY UPDATE: cross-site scripting issue in reStructuredText parser
- debian/patches/CVE-2011-1058.patch: remove javascript support in
MoinMoin/parser/text_rst.py.
- CVE-2011-1058
* SECURITY UPDATE: incorrect permissions due to broken virtual group
names handling
- debian/patches/CVE-2012-4404.patch: fix group test in
MoinMoin/security/__init__.py, added test in
MoinMoin/security/_tests/test_security.py.
- CVE-2012-4404
-- Marc Deslauriers <email address hidden> Wed, 10 Oct 2012 10:22:03 -0400
Available diffs
moin (1.9.3-1ubuntu2) precise; urgency=low * Build using dh_python2 -- Matthias Klose <email address hidden> Sat, 17 Dec 2011 13:16:29 +0000
Available diffs
- diff from 1.9.3-1 (in Debian) to 1.9.3-1ubuntu2 (3.4 KiB)
- diff from 1.9.3-1ubuntu1 to 1.9.3-1ubuntu2 (730 bytes)
moin (1.5.2-1ubuntu2.7) dapper-security; urgency=low
* SECURITY UPDATE: arbitrary script injection via multiple cross-site
scripting issues.
- debian/patches/103_CVE-2010-2487,2969,2970.patch: properly escape
strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py,
MoinMoin/action/*.py.
- CVE-2010-2487
- CVE-2010-2969
-- Marc Deslauriers <email address hidden> Fri, 20 Aug 2010 13:47:29 -0400
Available diffs
moin (1.5.8-5.1ubuntu2.5) hardy-security; urgency=low
* SECURITY UPDATE: arbitrary script injection via multiple cross-site
scripting issues.
- debian/patches/30009_CVE-2010-2487,2969,2970.patch: properly escape
strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py,
MoinMoin/action/*.py.
- CVE-2010-2487
- CVE-2010-2969
-- Marc Deslauriers <email address hidden> Fri, 20 Aug 2010 13:37:52 -0400
Available diffs
moin (1.8.2-2ubuntu2.5) jaunty-security; urgency=low
* SECURITY UPDATE: arbitrary script injection via multiple cross-site
scripting issues.
- debian/patches/30006_CVE-2010-2487,2969,2970.patch: properly escape
strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py,
MoinMoin/action/*.py.
- CVE-2010-2487
- CVE-2010-2969
-- Marc Deslauriers <email address hidden> Fri, 20 Aug 2010 11:01:45 -0400
Available diffs
moin (1.8.4-1ubuntu1.3) karmic-security; urgency=low
* SECURITY UPDATE: arbitrary script injection via multiple cross-site
scripting issues.
- debian/patches/30003_CVE-2010-2487,2969,2970.patch: properly escape
strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py,
MoinMoin/action/*.py.
- CVE-2010-2487
- CVE-2010-2969
-- Marc Deslauriers <email address hidden> Fri, 20 Aug 2010 10:49:14 -0400
Available diffs
moin (1.9.2-2ubuntu3.1) lucid-security; urgency=low
* SECURITY UPDATE: arbitrary script injection via multiple cross-site
scripting issues.
- debian/patches/CVE-2010-2487,2969,2970.patch: properly escape strings
in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py,
MoinMoin/action/*.py.
- CVE-2010-2487
- CVE-2010-2969
- CVE-2010-2970
-- Marc Deslauriers <email address hidden> Fri, 20 Aug 2010 10:37:01 -0400
Available diffs
| Superseded in precise-release |
| Obsolete in oneiric-release |
| Obsolete in natty-release |
| Obsolete in maverick-release |
moin (1.9.3-1ubuntu1) maverick; urgency=low * Merge from Debian unstable (LP: #586518). Based on work by Stefan Ebner. Remaining changes: - Remove python-xml from Suggests field, the package isn't anymore in sys.path. - Demote fckeditor from Recommends to Suggests; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: fckeditor has a number of security problems and so this change probably needs to be carried indefinitely.
Available diffs
- diff from 1.9.3-1 (in Debian) to 1.9.3-1ubuntu1 (3.1 KiB)
- diff from 1.9.2-2ubuntu3 to 1.9.3-1ubuntu1 (326.3 KiB)
moin (1.8.2-2ubuntu2.4) jaunty-security; urgency=low
* SECURITY UPDATE: restrictions bypass via incorrect acl checking
- debian/patches/30005_CVE-2009-4762.patch: don't check parents if item
has an ACL in MoinMoin/security/__init__.py.
- CVE-2009-4762
-- Marc Deslauriers <email address hidden> Tue, 18 May 2010 12:56:39 -0400
Available diffs
- diff from 1.8.2-2ubuntu2.3 to 1.8.2-2ubuntu2.4 (849 bytes)
moin (1.9.2-2ubuntu3) lucid; urgency=low
* debian/rules: Avoid pulling libapache2-mod-wsgi by default, by recommending
"apache2 | httpd-cgi" instead of "libapache2-mod-wsgi | httpd-cgi".
Suggest libapache2-mod-wsgi instead. That prevents us from needing to rush
libapache2-mod-wsgi in main one week before release.
-- Thierry Carrez <email address hidden> Fri, 23 Apr 2010 15:21:19 +0200
Available diffs
- diff from 1.9.2-2ubuntu2 to 1.9.2-2ubuntu3 (770 bytes)
moin (1.7.1-1ubuntu1.5) intrepid-security; urgency=low
* SECURITY UPDATE: fix XSS in Despam action
- debian/patches/30006_CVE-2010-0828.patch: use wikiutil.escape()
in revert_pages()
- CVE-2010-0828
* SECURITY UPDATE: fix bypass of textcha protection
- debian/patches/30007_CVE-2010-1238.patch: make sure the question and
answer form fields are filled in
- CVE-2010-1238
-- Jamie Strandboge <email address hidden> Tue, 30 Mar 2010 13:53:34 -0500
Available diffs
| Superseded in lucid-release |
moin (1.9.2-2ubuntu2) lucid; urgency=low
* Debian declares python-werkzeug and python-parsedatetime as Depends and
python-xappy as Recommends, however these packages are in universe,
which breaks Ubuntu policy (section 2.2.1). Until these packages can be
added to main, use the embedded copies in moin.
- debian/patches/ubuntu_use_embedded_for_main.patch: update setup.py
- debian/rules: update CDBS_DEPENDS and CDBS_RECOMMENDS for the above
* SECURITY UPDATE: fix XSS in Despam action
- debian/patches/CVE-2010-0828.patch: use wikiutil.escape() in
revert_pages()
- CVE-2010-0828
-- Jamie Strandboge <email address hidden> Tue, 30 Mar 2010 15:09:54 -0500
Available diffs
moin (1.8.4-1ubuntu1.2) karmic-security; urgency=low
* SECURITY UPDATE: fix XSS in Despam action
- debian/patches/30002_CVE-2010-0828.patch: use wikiutil.escape()
in revert_pages()
- CVE-2010-0828
-- Jamie Strandboge <email address hidden> Tue, 30 Mar 2010 13:58:02 -0500
Available diffs
- diff from 1.8.4-1ubuntu1.1 to 1.8.4-1ubuntu1.2 (886 bytes)
moin (1.8.2-2ubuntu2.3) jaunty-security; urgency=low
* SECURITY UPDATE: fix XSS in Despam action
- debian/patches/30004_CVE-2010-0828.patch: use wikiutil.escape()
in revert_pages()
- CVE-2010-0828
-- Jamie Strandboge <email address hidden> Tue, 30 Mar 2010 13:55:32 -0500
Available diffs
- diff from 1.8.2-2ubuntu2.2 to 1.8.2-2ubuntu2.3 (887 bytes)
moin (1.5.8-5.1ubuntu2.4) hardy-security; urgency=low
* SECURITY UPDATE: fix XSS in Despam action
- debian/patches/30008_CVE-2010-0828.patch: use wikiutil.escape()
in revert_pages()
- CVE-2010-0828
-- Jamie Strandboge <email address hidden> Tue, 30 Mar 2010 13:51:01 -0500
Available diffs
moin (1.5.2-1ubuntu2.6) dapper-security; urgency=low
* SECURITY UPDATE: fix XSS in Despam action
- debian/patches/102_CVE-2010-0828.patch: use wikiutil.escape()
in revert_pages()
- CVE-2010-0828
-- Jamie Strandboge <email address hidden> Tue, 30 Mar 2010 13:47:10 -0500
Available diffs
- diff from 1.5.2-1ubuntu2.5 to 1.5.2-1ubuntu2.6 (870 bytes)
| Superseded in lucid-release |
moin (1.9.2-2ubuntu1) lucid; urgency=low * Merge from Debian testing (LP: #521834). Based on work by Stefan Ebner. Remaining changes: - Remove python-xml from Suggests field, the package isn't anymore in sys.path. - Demote fckeditor from Recommends to Suggests; the code was previously embedded in moin, but it was also disabled, so there's no reason for us to pull this in by default currently. Note: This isn't necessary anymore but needs a MIR for fckeditor, so postpone dropping this change until lucid+1 * debian/rules: - Replace hardcoded python2.5 with python* and hardcore python2.6 for ln * debian/control.in: drop versioned depends on cdbs
Available diffs
moin (1.7.1-1ubuntu1.3) intrepid-security; urgency=low
* SECURITY UPDATE: fix multiple CSRF vulnerabilities
- debian/patches/30004_CVE-2010-0668+0717.patch: add tickets to prevent
CSRF attacks in several components. Also required backporting fix for
"Mail account data" does not send mails.
- CVE-2010-0668
* SECURITY UPDATE: properly sanitize user profiles
- debian/patches/30005_CVE-2010-0669.patch: adjust userprefs/prefs.py,
user.py and wikiutil.py to sanitize input
- CVE-2010-0669
-- Jamie Strandboge <email address hidden> Tue, 02 Mar 2010 10:10:42 -0600
Available diffs
| 1 → 50 of 98 results | First • Previous • Next • Last |
