Change logs for moin source package in Hardy

  • moin (1.5.8-5.1ubuntu2.5) hardy-security; urgency=low
    
      * SECURITY UPDATE: arbitrary script injection via multiple cross-site
        scripting issues.
        - debian/patches/30009_CVE-2010-2487,2969,2970.patch: properly escape
          strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py,
          MoinMoin/action/*.py.
        - CVE-2010-2487
        - CVE-2010-2969
     -- Marc Deslauriers <email address hidden>   Fri, 20 Aug 2010 13:37:52 -0400
  • moin (1.5.8-5.1ubuntu2.4) hardy-security; urgency=low
    
      * SECURITY UPDATE: fix XSS in Despam action
        - debian/patches/30008_CVE-2010-0828.patch: use wikiutil.escape()
          in revert_pages()
        - CVE-2010-0828
     -- Jamie Strandboge <email address hidden>   Tue, 30 Mar 2010 13:51:01 -0500
  • moin (1.5.8-5.1ubuntu2.3) hardy-security; urgency=low
    
      * SECURITY UPDATE: fix multiple CSRF vulnerabilities
        - debian/patches/30006_CVE-2010-0668.patch: add tickets to prevent CSRF
          attacks in several components.
        - CVE-2010-0668
      * SECURITY UPDATE: properly sanitize user profiles
        - debian/patches/30007_CVE-2010-0669.patch: adjust userprefs/prefs.py,
          user.py and wikiutil.py to sanitize input
        - CVE-2010-0669
     -- Jamie Strandboge <email address hidden>   Tue, 09 Mar 2010 15:22:12 -0600
  • moin (1.5.8-5.1ubuntu2.2) hardy-security; urgency=low
    
      * SECURITY UPDATE: cross-site scripting via rename parameter and
        basename variable
        - debian/patches/30001_CVE-2009-0260.patch: use wikiutil.escape() in
          MoinMoin/action/AttachFile.py
        - CVE-2009-0260
      * SECURITY UPDATE: cross-site scripting via content variable
        - debian/patches/30002_antispam_xss_fix.patch: use wikiutil.escape()
          in MoinMoin/util/antispam.py
        - CVE-2009-XXXX
      * SECURITY UPDATE: cross-site scripting in login
        - debian/patches/30003_CVE-2008-0780.patch: update action/login.py to use
          wikiutil.escape() for name
        - CVE-2008-0780
        - LP: #200897
      * SECURITY UPDATE: cross-site scripting in AttachFile
        - debian/patches/30004_CVE-2008-0781.patch: use wikiutil.escape() for
          msg, pagename and target filenames in MoinMoin/action/AttachFile.py
        - CVE-2008-0781
      * SECURITY UPDATE: directory traversal vulnerability via MOIN_ID in userform
        cookie action
        - debian/patches/30005_CVE-2008-0782.patch: update MoinMoin/user.py to
          check USERID via the new id_sanitycheck() function
        - CVE-2008-0782
    
     -- Jamie Strandboge <email address hidden>   Thu, 29 Jan 2009 17:37:53 -0600
  • moin (1.5.8-5.1ubuntu2) hardy; urgency=low
    
      * Do not suggest python-xml, but python-4suite-xml.
    
     -- Matthias Klose <email address hidden>   Wed, 27 Feb 2008 16:06:05 +0000
  • moin (1.5.8-5.1ubuntu1) hardy; urgency=low
    
      * Merge with Debian (LP: #193869); remaining changes:
        - Suggest python-xml (needed for DocBook rendering). LP: #31728.
    
     -- Emanuele Gentili <email address hidden>   Thu, 21 Feb 2008 02:22:30 +0100
  • moin (1.5.8-5ubuntu1) hardy; urgency=low
    
      * Merge with Debian; remaining changes:
        - Suggest python-xml (needed for DocBook rendering). LP: #31728.
    
    moin (1.5.8-5) unstable; urgency=high
    
      * Acknowledge NMU.
        + Rename patch to 10011 (to match documented naming scheme).
        + Unfuzz patch.
      * Use Vcs-* fields (not XS-Vcs-* fields) in debian/control.
    
    moin (1.5.8-4.1) unstable; urgency=high
    
      * Non-maintainer upload by the testing-security team
      * Include upstream patch to enable whitelisting, instead of
        insufficient blacklisting for file uploads (Closes: #429205)
        Fixes: CVE-2007-5156, CVE-2007-3163, CVE-2007-2630, CVE-2006-0658
    
    moin (1.5.8-4) unstable; urgency=low
    
      * Sync with upstream HG development source as of today (patchset 851):
        + Avoid out-of-space file corruption of "current" page.
        + Fix translation of "Toggle line numbers" link.
      * Move Homepage to own field (from pseudo-field in long description).
    
    moin (1.5.8-3) unstable; urgency=high
    
      * Actually apply the added patch in 1.5.8-2.
      * Raise to urgency=high as these are only security-related bugfixes.
    
    moin (1.5.8-2) unstable; urgency=low
    
      * Sync with upstream HG development source as of today (patchset 849):
        + XSS fix with RenamePage and DeletePage
        + ACL fix: only send <link rel=Appendix... when there's read access
    
    moin (1.5.8-1) unstable; urgency=low
    
      * New upstream release.
      * Drop all earlier patches from upstream Mercurial: applied upstream.
      * Sync with upstream HG development source as of today (patchset 845).
      * Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control.
      * Update cdbs tweaks:
        + Various improvements to update-tarball.
      * Better duplicate build-dependency cleanup in debian/rules, and semi-
        auto-update debian/control:
          DEB_BUILD_OPTIONS=cdbs-autoupdate fakeroot debian/rules pre-build
      * Replace deprecated ${Source-Version} with binNMU-safe
        ${source:Version} in debian/control. Thanks to Lintian.
      * Remove MoinMoin/i18n/meta.py in clean target.
    
     -- Matthias Klose <email address hidden>   Thu, 06 Dec 2007 17:44:41 +0000
  • moin (1.5.7-3ubuntu2) gutsy; urgency=low
    
      * Suggest python-xml (needed for DocBook rendering). LP: #31728.
    
     -- Matthias Klose <email address hidden>   Sun, 09 Sep 2007 01:36:23 +0200