Hi, Here's a patch for Debian Lenny (Unmodified from upstream[1]) I have made a quick test, and it seems ok.
Jonas, can you upload it? thanks On Wed, 2010-03-31 at 09:10 +0200, Frank Lin PIAT wrote: > Package: moin > Version: 1.5.3-1.2etch2 Unstable and testing need a patch too. but I can't work on it before tonight. > There is a XSS in moinmoin "Despam" action (see [1] and > CVE-2010-0828[2]). Note that Despam action is only accessible to > superusers, not by regular users. [1] http://hg.moinmo.in/moin/1.7/rev/6e603e5411ca http://moinmo.in/SecurityFixes
commit e9f332a31d1b2fa8972c5e90fcc8b79835f1b057 Author: Frank Lin PIAT <fp...@klabs.be> Date: Wed Mar 31 09:46:28 2010 +0200 CVE-2010-828 (XSS in Despam action) diff --git a/debian/changelog b/debian/changelog index 6fa5d25..ab698d4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +moin (1.7.1-3+lenny4) UNRELEASED; urgency=low + + * SECURITY UPDATE: fix XSS in Despam action, thanks to Jamie Strandboge + (Ubuntu) for the patch. (Closes: #575995) + - debian/patches/CVE-2010-0828.patch: use wikiutil.escape() in + revert_pages() + - CVE-2010-0828 + + -- Frank Lin PIAT <fp...@klabs.be> Wed, 31 Mar 2010 09:34:50 +0200 + moin (1.7.1-3+lenny3) stable-security; urgency=high * Non-maintainer upload by the Security Team. diff --git a/debian/patches/CVE-2010-828.patch b/debian/patches/CVE-2010-828.patch new file mode 100644 index 0000000..6f8885c --- /dev/null +++ b/debian/patches/CVE-2010-828.patch @@ -0,0 +1,23 @@ +fix XSS in Despam action (CVE-2010-0828) - thanks to Jamie Strandboge (Ubuntu) for fixing + +Bug-Ubuntu: https://launchpad.net/bugs/538022 +--- a/MoinMoin/action/Despam.py 2010-03-31 09:39:33.000000000 +0200 ++++ b/MoinMoin/action/Despam.py 2010-03-31 09:40:09.000000000 +0200 +@@ -173,14 +173,14 @@ + if repr(line.getInterwikiEditorData(request)) == editor: + revertpages.append(line.pagename) + +- request.write("Pages to revert:<br>%s" % "<br>".join(revertpages)) ++ request.write("Pages to revert:<br>%s" % "<br>".join([wikiutil.escape(p) for p in revertpages])) + for pagename in revertpages: +- request.write("Begin reverting %s ...<br>" % pagename) ++ request.write("Begin reverting %s ...<br>" % wikiutil.escape(pagename)) + msg = revert_page(request, pagename, editor) + if msg: + request.write("<p>%s: %s</p>" % ( + Page.Page(request, pagename).link_to(request), msg)) +- request.write("Finished reverting %s.<br>" % pagename) ++ request.write("Finished reverting %s.<br>" % wikiutil.escape(pagename)) + + def execute(pagename, request): + _ = request.getText diff --git a/debian/patches/series b/debian/patches/series index 21a710e..59ae2d5 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -12,3 +12,4 @@ CVE-2010-0668-CVE-2010-0717.patch CVE-2010-0669.patch security_hierarchical_ACL.patch +CVE-2010-828.patch