UbuntuUpdates.org



Package moin

Name: moin

Description:

This package is just an umbrella for a group of other packages; it has no description. Please select a package in "Packages in group" for more information.

Latest version: 1.7.1-1ubuntu1.5
Ubuntu release: intrepid (8.10)
Level: security
Repository: main

All versions of moin in Intrepid

security (this page): 1.7.1-1ubuntu1.5
base: 1.7.1-1ubuntu1
updates: 1.7.1-1ubuntu1.5

See all versions of moin in all Ubuntu releases and repositories.

Packages in group

python-moinmoin

Change Log

Version: 1.7.1-1ubuntu1.5 2010-04-08 17:02:00 UTC
moin (1.7.1-1ubuntu1.5) intrepid-security; urgency=low

  * SECURITY UPDATE: fix XSS in Despam action
    - debian/patches/30006_CVE-2010-0828.patch: use wikiutil.escape()
      in revert_pages()
    - CVE-2010-0828
  * SECURITY UPDATE: fix bypass of textcha protection
    - debian/patches/30007_CVE-2010-1238.patch: make sure the question and
      answer form fields are filled in
    - CVE-2010-1238

 -- Jamie Strandboge   Tue, 30 Mar 2010 13:53:34 -0500

CVE-2010-0828 Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users
CVE-2010-1238 MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have

Version: 1.7.1-1ubuntu1.3 2010-03-12 01:01:39 UTC
moin (1.7.1-1ubuntu1.3) intrepid-security; urgency=low

  * SECURITY UPDATE: fix multiple CSRF vulnerabilities
    - debian/patches/30004_CVE-2010-0668+0717.patch: add tickets to prevent
      CSRF attacks in several components. Also required backporting fix for
      "Mail account data" does not send mails.
    - CVE-2010-0668
  * SECURITY UPDATE: properly sanitize user profiles
    - debian/patches/30005_CVE-2010-0669.patch: adjust userprefs/prefs.py,
      user.py and wikiutil.py to sanitize input
    - CVE-2010-0669

 -- Jamie Strandboge   Tue, 02 Mar 2010 10:10:42 -0600

CVE-2010-0668 Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related t
CVE-2010-0669 MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.


