UbuntuUpdates.org



Package moin

Name: moin

Description:

This package is just an umbrella for a group of other packages; it has no description. Please select a package in "Packages in group" for more information.

Latest version: 1.8.2-2ubuntu2.5
Ubuntu release: jaunty (9.04)
Level: security
Repository: main

All versions of moin in Jaunty

security (this page): 1.8.2-2ubuntu2.5
base: 1.8.2-2ubuntu2
updates: 1.8.2-2ubuntu2.5

See all versions of moin in all Ubuntu releases and repositories.


Packages in group

python-moinmoin

Change Log

Version: 1.8.2-2ubuntu2.5 2010-08-25 16:04:23 UTC
moin (1.8.2-2ubuntu2.5) jaunty-security; urgency=low

  * SECURITY UPDATE: arbitrary script injection via multiple cross-site
    scripting issues.
    - debian/patches/30006_CVE-2010-2487,2969,2970.patch: properly escape
      strings in MoinMoin/{Page,PageEditor,PageGraphicalEditor}.py,
      MoinMoin/action/*.py.
    - CVE-2010-2487
    - CVE-2010-2969

 -- Marc Deslauriers   Fri, 20 Aug 2010 11:01:45 -0400

CVE-2010-2487 Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers t
CVE-2010-2969 Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary

Version: 1.8.2-2ubuntu2.4 2010-05-20 14:01:19 UTC
moin (1.8.2-2ubuntu2.4) jaunty-security; urgency=low

  * SECURITY UPDATE: restrictions bypass via incorrect acl checking
    - debian/patches/30005_CVE-2009-4762.patch: don't check parents if item
      has an ACL in MoinMoin/security/__init__.py.
    - CVE-2009-4762

 -- Marc Deslauriers   Tue, 18 May 2010 12:56:39 -0400

CVE-2009-4762 MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, w

Version: 1.8.2-2ubuntu2.3 2010-04-08 17:01:36 UTC
moin (1.8.2-2ubuntu2.3) jaunty-security; urgency=low

  * SECURITY UPDATE: fix XSS in Despam action
    - debian/patches/30004_CVE-2010-0828.patch: use wikiutil.escape()
      in revert_pages()
    - CVE-2010-0828

 -- Jamie Strandboge   Tue, 30 Mar 2010 13:55:32 -0500

CVE-2010-0828 Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users

Version: 1.8.2-2ubuntu2.2 2010-03-12 01:01:10 UTC
moin (1.8.2-2ubuntu2.2) jaunty-security; urgency=low

  * SECURITY UPDATE: fix multiple CSRF vulnerabilities
    - debian/patches/30002_CVE-2010-0668+0717.patch: add tickets to prevent
      CSRF attacks in several components.
    - CVE-2010-0668
  * SECURITY UPDATE: properly sanitize user profiles
    - debian/patches/30003_CVE-2010-0669.patch: adjust userprefs/prefs.py,
      user.py and wikiutil.py to sanitize input
    - CVE-2010-0669

 -- Jamie Strandboge   Tue, 02 Mar 2010 12:13:13 -0600

CVE-2010-0668 Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related t
CVE-2010-0669 MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.


