moin 1.5.2-1ubuntu2.4 source package in Ubuntu

Changelog

moin (1.5.2-1ubuntu2.4) dapper-security; urgency=low

  * SECURITY UPDATE: cross-site scripting via rename parameter and
    basename variable
    - debian/patches/094_CVE-2009-0260.patch: use wikiutil.escape() in
      MoinMoin/action/AttachFile.py
    - CVE-2009-0260
  * SECURITY UPDATE: cross-site scripting via content variable
    - debian/pathes/095_antispam_xss_fix.patch: use wikiutil.escape()
      in MoinMoin/util/antispam.py
    - CVE-2009-XXXX
  * SECURITY UPDATE: cross-site scripting in AttachFile
    - debian/patches/096_CVE-2008-0781.patch: use wikiutil.escape() for
      msg and target filenames in MoinMoin/action/AttachFile.py
    - CVE-2008-0781
    - LP: #200897
  * SECURITY UPDATE: directory traversal vulnerability via MOIN_ID in userform
      cookie action
    - debian/patches/097_CVE-2008-0782.patch: update MoinMoin/user.py to
      check USERID via the new id_sanitycheck() function
    - CVE-2008-0782
  * SECURITY UPDATE: cross-site scripting in PageEditor
    - debian/patches/098_CVE-2008-1098.patch: use wikiutil.escape() in
      MoinMoin/PageEditor.py
    - CVE-2008-1098
  * SECURITY UPDATE: _macro_Getval does not properly enforce ACLs
    - debian/patches/099_CVE-2008-1099.patch: update wikimacro.py and
      wikiutil.py to use request.user.may.read()
    - CVE-2008-1099

 -- Jamie Strandboge <email address hidden>   Tue, 27 Jan 2009 16:54:42 -0600