-
Committer:
Bazaar Package Importer
-
Author(s):
Jamie Strandboge
-
Date:
2009-01-29 17:37:53 UTC
-
Revision ID:
james.westby@ubuntu.com-20090129173753-xm7nl5v3m2sneajf
Tags: 1.5.8-5.1ubuntu2.2
* SECURITY UPDATE: cross-site scripting via rename parameter and
basename variable
- debian/patches/30001_CVE-2009-0260.patch: use wikiutil.escape() in
MoinMoin/action/AttachFile.py
- CVE-2009-0260
* SECURITY UPDATE: cross-site scripting via content variable
- debian/pathes/30002_antispam_xss_fix.patch: use wikiutil.escape()
in MoinMoin/util/antispam.py
- CVE-2009-XXXX
* SECURITY UPDATE: cross-site scripting in login
- debian/patches/30003_CVE-2008-0780.patch: update action/login.py to use
wikiutil.escape() for name
- CVE-2008-0780
- LP: #200897
* SECURITY UPDATE: cross-site scripting in AttachFile
- debian/patches/30004_CVE-2008-0781.patch: use wikiutil.escape() for
msg, pagename and target filenames in MoinMoin/action/AttachFile.py
- CVE-2008-0781
* SECURITY UPDATE: directory traversal vulnerability via MOIN_ID in userform
cookie action
- debian/patches/30005_CVE-2008-0782.patch: update MoinMoin/user.py to
check USERID via the new id_sanitycheck() function
- CVE-2008-0782