~ubuntu-branches/ubuntu/hardy/moin/hardy-security

Viewing changes to debian/patches/30003_CVE-2008-0780.patch

Committer: Bazaar Package Importer
Author(s): Jamie Strandboge
Date: 2009-01-29 17:37:53 UTC
Revision ID: james.westby@ubuntu.com-20090129173753-xm7nl5v3m2sneajf

Tags: 1.5.8-5.1ubuntu2.2

https://launchpad.net/bugs/200897

* SECURITY UPDATE: cross-site scripting via rename parameter and
  basename variable
  - debian/patches/30001_CVE-2009-0260.patch: use wikiutil.escape() in
    MoinMoin/action/AttachFile.py
  - CVE-2009-0260
* SECURITY UPDATE: cross-site scripting via content variable
  - debian/pathes/30002_antispam_xss_fix.patch: use wikiutil.escape()
    in MoinMoin/util/antispam.py
  - CVE-2009-XXXX
* SECURITY UPDATE: cross-site scripting in login
  - debian/patches/30003_CVE-2008-0780.patch: update action/login.py to use
    wikiutil.escape() for name
  - CVE-2008-0780
  - LP: #200897
* SECURITY UPDATE: cross-site scripting in AttachFile
  - debian/patches/30004_CVE-2008-0781.patch: use wikiutil.escape() for
    msg, pagename and target filenames in MoinMoin/action/AttachFile.py
  - CVE-2008-0781
* SECURITY UPDATE: directory traversal vulnerability via MOIN_ID in userform
    cookie action
  - debian/patches/30005_CVE-2008-0782.patch: update MoinMoin/user.py to
    check USERID via the new id_sanitycheck() function
  - CVE-2008-0782