rpms/moin/F-11 moin-6e603e5411ca.patch,NONE,1.1 moin.spec,1.32,1.33

Ville-Pekka Vainio vpv at fedoraproject.org
Sat Apr 3 20:34:35 UTC 2010


Author: vpv

Update of /cvs/pkgs/rpms/moin/F-11
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv31870

Modified Files:
	moin.spec 
Added Files:
	moin-6e603e5411ca.patch 
Log Message:
* Sat Apr 03 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.8.7-2
- Fixes CVE-2010-0828 (rhbz#578801)


moin-6e603e5411ca.patch:
 Despam.py |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- NEW FILE moin-6e603e5411ca.patch ---

# HG changeset patch
# User Thomas Waldmann <tw AT waldmann-edv DOT de>
# Date 1269980382 -7200
# Node ID 6e603e5411ca258cb604c37228cf9ae42bc55745
# Parent  369a2c879eb6249c16abe6da285d8ed309b29a6a
fix XSS in Despam action (CVE-2010-0828) - thanks to Jamie Strandboge (Ubuntu) for fixing

Bug-Ubuntu: https://launchpad.net/bugs/538022

--- a/MoinMoin/action/Despam.py	Thu Feb 25 16:51:33 2010 +0100
+++ b/MoinMoin/action/Despam.py	Tue Mar 30 22:19:42 2010 +0200
@@ -173,14 +173,14 @@
             if repr(line.getInterwikiEditorData(request)) == editor:
                 revertpages.append(line.pagename)
 
-    request.write("Pages to revert:<br>%s" % "<br>".join(revertpages))
+    request.write("Pages to revert:<br>%s" % "<br>".join([wikiutil.escape(p) for p in revertpages]))
     for pagename in revertpages:
-        request.write("Begin reverting %s ...<br>" % pagename)
+        request.write("Begin reverting %s ...<br>" % wikiutil.escape(pagename))
         msg = revert_page(request, pagename, editor)
         if msg:
             request.write("<p>%s: %s</p>" % (
                 Page.Page(request, pagename).link_to(request), msg))
-        request.write("Finished reverting %s.<br>" % pagename)
+        request.write("Finished reverting %s.<br>" % wikiutil.escape(pagename))
 
 def execute(pagename, request):
     _ = request.getText
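Review bot: The `msg` value in `request.write("<p>%s: %s</p>" % (...))` is still interpolated into HTML without `wikiutil.escape`, unlike the three page-name writes changed around it. If `revert_page` can include the page name or the editor string in the message it returns, that write needs the same escaping; otherwise a short comment stating that `msg` is fixed, safe text would settle it. Please also confirm that `wikiutil` is imported in Despam.py, since the import lines fall outside this hunk.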



Index: moin.spec
===================================================================
RCS file: /cvs/pkgs/rpms/moin/F-11/moin.spec,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -p -r1.32 -r1.33
--- moin.spec	18 Feb 2010 12:39:16 -0000	1.32
+++ moin.spec	3 Apr 2010 20:34:35 -0000	1.33
@@ -3,12 +3,14 @@
 Summary: MoinMoin is a WikiEngine to collaborate on easily editable web pages
 Name: moin
 Version: 1.8.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: Applications/Internet
 URL: http://moinmo.in/
 Source0: http://static.moinmo.in/files/moin-%{version}.tar.gz
 Source1: README-rpm
+# For CVE-2010-0828
+Patch0: moin-6e603e5411ca.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: python-devel
 BuildArch: noarch
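Review bot: The comment above `Patch0` gives only the CVE number and says nothing about where the patch came from. Consider noting that it is upstream changeset 6e603e5411ca and referencing rhbz#578801 there, so a later rebase can tell at a glance whether the patch is already contained in the new tarball.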
@@ -21,6 +23,7 @@ editable web pages.
 
 %prep
 %setup -q
+%patch0 -p1
 # The filemanager directory included vulnerable code in the past, it shouldn't
 # anymore, but let's remove it just to be sure.
 rm -r wiki/htdocs/applets/FCKeditor/editor/filemanager/
@@ -54,6 +57,9 @@ rm -r wiki/htdocs/applets/FCKeditor/edit
 
 
 %changelog
+* Sat Apr 03 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.8.7-2
+- Fixes CVE-2010-0828 (rhbz#578801)
+
 * Thu Feb 18 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.8.7-1
 - Fixed major security issues in miscellaneous parts of moin
 - http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES


