moin (1.9.2-2ubuntu2) lucid; urgency=low
* Debian declares python-werkzeug and python-parsedatetime as Depends and
python-xappy as Recommends, however these packages are in universe,
which breaks Ubuntu policy (section 2.2.1). Until these packages can be
added to main, use the embedded copies in moin.
- debian/patches/ubuntu_use_embedded_for_main.patch: update setup.py
- debian/rules: update CDBS_DEPENDS and CDBS_RECOMMENDS for the above
* SECURITY UPDATE: fix XSS in Despam action
- debian/patches/CVE-2010-0828.patch: use wikiutil.escape() in
revert_pages()
- CVE-2010-0828
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0828
** Changed in: moin (Ubuntu Lucid)
Status: In Progress => Fix Released
** Changed in: moin (Ubuntu Dapper)
Status: In Progress => Fix Committed
** Changed in: moin (Ubuntu Hardy)
Status: In Progress => Fix Committed
** Changed in: moin (Ubuntu Intrepid)
Status: In Progress => Fix Committed
** Changed in: moin (Ubuntu Jaunty)
Status: In Progress => Fix Committed
** Changed in: moin (Ubuntu Karmic)
Status: In Progress => Fix Committed
** Visibility changed to: Public
--
XSS in Despam action
https://bugs.launchpad.net/bugs/538022
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
