[Bug 200897] Re: [moin] [DSA-1514-1] multiple vulnerabilities

2009-02-03 Thread Fumihito YOSHIDA
>- debian/pathes/30002_antispam_xss_fix.patch: use wikiutil.escape() > in MoinMoin/util/antispam.py >- CVE-2009- It was registered as CVE-2009-0312. CVE Link added. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0312 -- [moin] [DSA-1514-1] multiple vulner

[Bug 200897] Re: [moin] [DSA-1514-1] multiple vulnerabilities

2009-01-29 Thread Jamie Strandboge
http://www.ubuntu.com/usn/usn-716-1 ** Changed in: moin (Ubuntu Dapper) Status: Fix Committed => Fix Released -- [moin] [DSA-1514-1] multiple vulnerabilities https://bugs.launchpad.net/bugs/200897 You received this bug notification because you are a member of Ubuntu Bugs, which is subscri

[Bug 200897] Re: [moin] [DSA-1514-1] multiple vulnerabilities

2009-01-29 Thread Launchpad Bug Tracker
This bug was fixed in the package moin - 1.5.8-5.1ubuntu2.2 --- moin (1.5.8-5.1ubuntu2.2) hardy-security; urgency=low * SECURITY UPDATE: cross-site scripting via rename parameter and basename variable - debian/patches/30001_CVE-2009-0260.patch: use wikiutil.escape() in

[Bug 200897] Re: [moin] [DSA-1514-1] multiple vulnerabilities

2009-01-29 Thread Launchpad Bug Tracker
This bug was fixed in the package moin - 1.5.7-3ubuntu2.1 --- moin (1.5.7-3ubuntu2.1) gutsy-security; urgency=low * SECURITY UPDATE: cross-site scripting via rename parameter and basename variable - debian/patches/30001_CVE-2009-0260.patch: use wikiutil.escape() in Moi

[Bug 200897] Re: [moin] [DSA-1514-1] multiple vulnerabilities

2009-01-27 Thread Jamie Strandboge
** Changed in: moin (Ubuntu Dapper) Status: Confirmed => Fix Committed ** Changed in: moin (Ubuntu Dapper) Assignee: (unassigned) => Jamie Strandboge (jdstrand) ** Changed in: moin (Ubuntu Gutsy) Status: Confirmed => Fix Committed ** Changed in: moin (Ubuntu Gutsy) Assign

[Bug 200897] Re: [moin] [DSA-1514-1] multiple vulnerabilities

2009-01-27 Thread Jamie Strandboge
2007-2423 was fixed in 1.5.7-3 (Dapper and Gutsy also have the fix) 2007-2637 was fixed in 1.5.7-2 and 1.5.8 upstream. While not clear from the changelog, Dapper and Gutsy also have this commit http://hg.moinmo.in/moin/1.5/rev/0e41a0429ee1 (this CVE may have been split after publication) 2008-0

[Bug 200897] Re: [moin] [DSA-1514-1] multiple vulnerabilities

2009-01-23 Thread Kees Cook
** Changed in: moin (Ubuntu) Status: New => Confirmed -- [moin] [DSA-1514-1] multiple vulnerabilities https://bugs.launchpad.net/bugs/200897 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@

[Bug 200897] Re: [moin] [DSA-1514-1] multiple vulnerabilities

2009-01-21 Thread jepler
I have not been able to independently confirm whether these bugs are fixed in the current moin package on hardy, but according to changelog.Debian.gz, the following CVEs listed above have been fixed in 1.5.8-5.1ubuntu2: 2008-0780 2008-0781 2008-0782. The other CVEs and the DSA aren't explicitly me