[ubuntu/raring-proposed] moin 1.9.5-4ubuntu1 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Thu Jan 3 18:25:18 UTC 2013
moin (1.9.5-4ubuntu1) raring-proposed; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - debian/rules: remove python-xml from CDBS_SUGGESTS field, the package
      isn't in sys.path any more.
    - debian/rules: demote fckeditor from CDBS_RECOMMENDS to CDBS_SUGGESTS; the
      code was previously embedded in moin, but it was also disabled, so
      there's no reason for us to pull this in by default currently. Note:
      fckeditor has a number of security problems and so this change probably
      needs to be carried indefinitely.
  * Dropped the following patches, no longer needed:
    - debian/patches/CVE-2012-XXXX.patch
    - debian/patches/CVE-2012-YYYY.patch

moin (1.9.5-4) unstable; urgency=high

  * Another security fix from upstream:
    + fix path traversal vulnerability in AttachFile action
      (CVE-2012-XXXX).

moin (1.9.5-3) unstable; urgency=high

  * Security fix from upstream:
    + fix remote code execution vulnerability in twikidraw/anywikidraw
      actions (CVE-2012-XXXX).

moin (1.9.5-2) unstable; urgency=high

  * Several security fixes from upstream:
    + fix XSS issue, escape page name in rss link (CVE id not available
      yet)
    + make taintfilename more secure
    + escape user- or admin-defined css url
    + use a constant time str comparison function to prevent timing
      attacks

Date: Thu, 03 Jan 2013 10:58:34 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/raring/+source/moin/1.9.5-4ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 03 Jan 2013 10:58:34 -0600
Source: moin
Binary: python-moinmoin
Architecture: source
Version: 1.9.5-4ubuntu1
Distribution: raring-proposed
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
python-moinmoin - Python clone of WikiWiki - library
Original-Maintainer: Steve McIntyre <93sam at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----