* SECURITY UPDATE: cross-site scripting via rename parameter and basename variable - debian/patches/30001_CVE-2009-0260.patch: use wikiutil.escape() in MoinMoin/action/AttachFile.py - CVE-2009-0260 * SECURITY UPDATE: cross-site scripting via content variable - debian/pathes/30002_antispam_xss_fix.patch: use wikiutil.escape() in MoinMoin/util/antispam.py - CVE-2009-XXXX * SECURITY UPDATE: cross-site scripting in login - debian/patches/30003_CVE-2008-0780.patch: update action/login.py to use wikiutil.escape() for name - CVE-2008-0780 - LP: #200897 * SECURITY UPDATE: cross-site scripting in AttachFile - debian/patches/30004_CVE-2008-0781.patch: use wikiutil.escape() for msg, pagename and target filenames in MoinMoin/action/AttachFile.py - CVE-2008-0781 * SECURITY UPDATE: directory traversal vulnerability via MOIN_ID in userform cookie action - debian/patches/30005_CVE-2008-0782.patch: update MoinMoin/user.py to check USERID via the new id_sanitycheck() function - CVE-2008-0782