rpms/moin/F-11 moin-6e603e5411ca.patch,NONE,1.1 moin.spec,1.32,1.33
Ville-Pekka Vainio
vpv at fedoraproject.org
Sat Apr 3 20:34:35 UTC 2010
Author: vpv
Update of /cvs/pkgs/rpms/moin/F-11
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv31870
Modified Files:
moin.spec
Added Files:
moin-6e603e5411ca.patch
Log Message:
* Sat Apr 03 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.8.7-2
- Fixes CVE-2010-0828 (rhbz#578801)
moin-6e603e5411ca.patch:
Despam.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- NEW FILE moin-6e603e5411ca.patch ---
# HG changeset patch
# User Thomas Waldmann <tw AT waldmann-edv DOT de>
# Date 1269980382 -7200
# Node ID 6e603e5411ca258cb604c37228cf9ae42bc55745
# Parent 369a2c879eb6249c16abe6da285d8ed309b29a6a
fix XSS in Despam action (CVE-2010-0828) - thanks to Jamie Strandboge (Ubuntu) for fixing
Bug-Ubuntu: https://launchpad.net/bugs/538022
--- a/MoinMoin/action/Despam.py Thu Feb 25 16:51:33 2010 +0100
+++ b/MoinMoin/action/Despam.py Tue Mar 30 22:19:42 2010 +0200
@@ -173,14 +173,14 @@
if repr(line.getInterwikiEditorData(request)) == editor:
revertpages.append(line.pagename)
- request.write("Pages to revert:<br>%s" % "<br>".join(revertpages))
+ request.write("Pages to revert:<br>%s" % "<br>".join([wikiutil.escape(p) for p in revertpages]))
for pagename in revertpages:
- request.write("Begin reverting %s ...<br>" % pagename)
+ request.write("Begin reverting %s ...<br>" % wikiutil.escape(pagename))
msg = revert_page(request, pagename, editor)
if msg:
request.write("<p>%s: %s</p>" % (
Page.Page(request, pagename).link_to(request), msg))
- request.write("Finished reverting %s.<br>" % pagename)
+ request.write("Finished reverting %s.<br>" % wikiutil.escape(pagename))
def execute(pagename, request):
_ = request.getText
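Review bot: In the `if msg:` branch, `msg` returned by `revert_page(request, pagename, editor)` is still written into `"<p>%s: %s</p>"` without `wikiutil.escape`, while the three page-name writes around it are now escaped. If `msg` can carry the page name or any other user-controlled text, write `wikiutil.escape(msg)` there, or confirm that `revert_page` only returns already-escaped text. The diffstat lists three changed lines and no added import, so also check that `Despam.py` already imports `wikiutil` before this ships.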
Index: moin.spec
===================================================================
RCS file: /cvs/pkgs/rpms/moin/F-11/moin.spec,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -p -r1.32 -r1.33
--- moin.spec 18 Feb 2010 12:39:16 -0000 1.32
+++ moin.spec 3 Apr 2010 20:34:35 -0000 1.33
@@ -3,12 +3,14 @@
Summary: MoinMoin is a WikiEngine to collaborate on easily editable web pages
Name: moin
Version: 1.8.7
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+
Group: Applications/Internet
URL: http://moinmo.in/
Source0: http://static.moinmo.in/files/moin-%{version}.tar.gz
Source1: README-rpm
+# For CVE-2010-0828
+Patch0: moin-6e603e5411ca.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: python-devel
BuildArch: noarch
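Review bot: The comment above `Patch0:` names only the CVE, so a packager rebasing past 1.8.7 cannot tell from the spec where the patch came from or when it can be dropped. Consider extending the comment to say it is upstream changeset 6e603e5411ca and to reference rhbz#578801, both of which already appear in the commit log and patch header.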
@@ -21,6 +23,7 @@ editable web pages.
%prep
%setup -q
+%patch0 -p1
# The filemanager directory included vulnerable code in the past, it shouldn't
# anymore, but let's remove it just to be sure.
rm -r wiki/htdocs/applets/FCKeditor/editor/filemanager/
@@ -54,6 +57,9 @@ rm -r wiki/htdocs/applets/FCKeditor/edit
%changelog
+* Sat Apr 03 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.8.7-2
+- Fixes CVE-2010-0828 (rhbz#578801)
+
* Thu Feb 18 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.8.7-1
- Fixed major security issues in miscellaneous parts of moin
- http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES