Ubuntu
moin package

Please merge moin 1.8.1-1.1 (main) from Debian unstable (main).

Bug #322890 reported by Alessio Treglia on 2009-01-29

2

Affects		Status	Importance	Assigned to	Milestone
	moin (Ubuntu)	Fix Released	Wishlist	Unassigned

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

affects ubuntu/moin
status new
importance wishlist
subscribe ubuntu-main-sponsors

Please merge moin 1.8.1-1.1 (main) from Debian unstable (main).

New debian version fixes the following CVE:
- CVE-2009-0260
- CVE-2009-0312

Changelog since current jaunty version 1.8.1-1ubuntu1:

moin (1.8.1-1.1) unstable; urgency=high

  * Non-maintainer upload by the security team
  * Fix cross-site scripting vulnerability via basename parameter in the
    AttachFile action (Closes: #513158)
    Fixes: CVE-2009-0260
  * Fix cross-site scripting vulnerability in antispam.py via malformed
    content
    Fixes: CVE-2009-0312

-- Steffen Joeris <email address hidden> Wed, 28 Jan 2009 02:34:32 +0100

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkmCCwwACgkQRdSMfNz8P9DFawCfdDrd3FzRb6jcpRZ+ebat6kKY
wd8AmwS1yP+vDu6NInFjKxTDuueP8B3J
=FSa+
-----END PGP SIGNATURE-----

Related branches

lp://staging/ubuntu/natty/moin

CVE References

Revision history for this message

Alessio Treglia (quadrispro) wrote on 2009-01-29:

#1

moin_1.8.1-1.1ubuntu1.debdiff Edit (4.3 KiB, text/plain)

Revision history for this message

Alessio Treglia (quadrispro) wrote on 2009-01-29:

#2

ubuntu-to-ubuntu.debdiff Edit (3.2 KiB, text/plain)

Changed in moin:
status:	New → Confirmed

Revision history for this message

Alessio Treglia (quadrispro) wrote on 2009-01-29:

#3

moin_1.8.1-1.1ubuntu1_amd64.build Edit (401.0 KiB, text/plain)

Revision history for this message

Alessio Treglia (quadrispro) wrote on 2009-01-29:

#4

moin (1.8.1-1.1ubuntu1) jaunty; urgency=low

  * Merge from debian unstable (LP: #322890), Ubuntu remaining changes:
    - Remove python-xml from Recommends field, the package isn't anymore in
      sys.path.

-- Alessio Treglia <email address hidden> Thu, 29 Jan 2009 20:36:20 +0100

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-02-11:

#5

This bug was fixed in the package moin - 1.8.1-1.1ubuntu1

---------------
moin (1.8.1-1.1ubuntu1) jaunty; urgency=low

  * Merge from debian unstable (LP: #322890), Ubuntu remaining changes:
    - Remove python-xml from Recommends field, the package isn't anymore in
      sys.path.

moin (1.8.1-1.1) unstable; urgency=high

  * Non-maintainer upload by the security team
  * Fix cross-site scripting vulnerability via basename parameter in the
    AttachFile action (Closes: #513158)
    Fixes: CVE-2009-0260
  * Fix cross-site scripting vulnerability in antispam.py via malformed
    content
    Fixes: CVE-2009-0312

-- Alessio Treglia <email address hidden> Thu, 29 Jan 2009 20:36:20 +0100

Changed in moin:
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Bug attachments

moin_1.8.1-1.1ubuntu1_amd64.build Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.