-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 28 Jan 2009 00:25:56 +0000 Source: moin Binary: moinmoin-common python-moinmoin Architecture: source all Version: 1.5.3-1.2etch2 Distribution: stable-security Urgency: high Maintainer: Jonas Smedegaard <dr@jones.dk> Changed-By: Steffen Joeris <white@debian.org> Description: moinmoin-common - Python clone of WikiWiki - common data python-moinmoin - Python clone of WikiWiki - library Closes: 513158 Changes: moin (1.5.3-1.2etch2) stable-security; urgency=high . * Non-maintainer upload by the security team * Fix cross-site scripting vulnerability via basename parameter in the AttachFile action (Closes: #513158) Fixes: CVE-2009-0260 * Extend the wikiutil.escape function to also escape single quotes "'" as done in newer versions * Fix cross-site scripting vulnerability in antispam.py via malformed content Fixes: CVE-2009-0312 Files: 7b24d6f694511840a0a9da0c9f33f5ad 671 net optional moin_1.5.3-1.2etch2.dsc 139bcec334ed7fbf1ca2bef3c89a8377 40914 net optional moin_1.5.3-1.2etch2.diff.gz a46561072eb0ee26ee1a71275c0e64b3 1595112 net optional moinmoin-common_1.5.3-1.2etch2_all.deb ab6158ae7010c3701859ceb26bd61bd2 914904 python optional python-moinmoin_1.5.3-1.2etch2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkl/pzYACgkQ62zWxYk/rQedCQCeIllA/ZRl15uc0Hr2QKjyd3Xu P/UAn2SrT9vIprm3xK7krDKU3BtFpt6f =DojV -----END PGP SIGNATURE----- Accepted: moin_1.5.3-1.2etch2.diff.gz to pool/main/m/moin/moin_1.5.3-1.2etch2.diff.gz moin_1.5.3-1.2etch2.dsc to pool/main/m/moin/moin_1.5.3-1.2etch2.dsc moinmoin-common_1.5.3-1.2etch2_all.deb to pool/main/m/moin/moinmoin-common_1.5.3-1.2etch2_all.deb python-moinmoin_1.5.3-1.2etch2_all.deb to pool/main/m/moin/python-moinmoin_1.5.3-1.2etch2_all.deb
