Hi,

Here's a patch for Debian Lenny (unmodified from upstream [1]).
I have made a quick test, and it seems ok.

Jonas, can you upload it?

thanks

On Wed, 2010-03-31 at 09:10 +0200, Frank Lin PIAT wrote:
> Package: moin
> Version: 1.5.3-1.2etch2

Unstable and testing need a patch too, but I can't work on it before
tonight.

> There is an XSS in moinmoin "Despam" action (see [1] and
> CVE-2010-0828 [2]). Note that Despam action is only accessible to
> superusers, not by regular users.


[1] http://hg.moinmo.in/moin/1.7/rev/6e603e5411ca
    http://moinmo.in/SecurityFixes


commit e9f332a31d1b2fa8972c5e90fcc8b79835f1b057
Author: Frank Lin PIAT <fp...@klabs.be>
Date:   Wed Mar 31 09:46:28 2010 +0200

    CVE-2010-828 (XSS in Despam action)

diff --git a/debian/changelog b/debian/changelog
index 6fa5d25..ab698d4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+moin (1.7.1-3+lenny4) UNRELEASED; urgency=low
+
+  * SECURITY UPDATE: fix XSS in Despam action, thanks to Jamie Strandboge
+    (Ubuntu) for the patch. (Closes: #575995)
+    - debian/patches/CVE-2010-0828.patch: use wikiutil.escape() in
+      revert_pages()
+    - CVE-2010-0828
+
+ -- Frank Lin PIAT <fp...@klabs.be>  Wed, 31 Mar 2010 09:34:50 +0200
+
 moin (1.7.1-3+lenny3) stable-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
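Review bot: the changelog line "debian/patches/CVE-2010-0828.patch" does not match the file this commit actually adds, which is named CVE-2010-828.patch (leading zero missing, same as in the commit subject); rename the file to CVE-2010-0828.patch so the changelog, the series entry and the CVE id agree. Also, the entry is still "UNRELEASED; urgency=low": since the mail asks for this to be uploaded as a security fix to stable, it needs "stable-security" and, consistent with the lenny3 entry just below, urgency=high before upload.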
diff --git a/debian/patches/CVE-2010-828.patch 
b/debian/patches/CVE-2010-828.patch
new file mode 100644
index 0000000..6f8885c
--- /dev/null
+++ b/debian/patches/CVE-2010-828.patch
@@ -0,0 +1,23 @@
+fix XSS in Despam action (CVE-2010-0828) - thanks to Jamie Strandboge (Ubuntu) 
for fixing
+
+Bug-Ubuntu: https://launchpad.net/bugs/538022
+--- a/MoinMoin/action/Despam.py        2010-03-31 09:39:33.000000000 +0200
++++ b/MoinMoin/action/Despam.py        2010-03-31 09:40:09.000000000 +0200
+@@ -173,14 +173,14 @@
+             if repr(line.getInterwikiEditorData(request)) == editor:
+                 revertpages.append(line.pagename)
+ 
+-    request.write("Pages to revert:<br>%s" % "<br>".join(revertpages))
++    request.write("Pages to revert:<br>%s" % "<br>".join([wikiutil.escape(p) 
for p in revertpages]))
+     for pagename in revertpages:
+-        request.write("Begin reverting %s ...<br>" % pagename)
++        request.write("Begin reverting %s ...<br>" % 
wikiutil.escape(pagename))
+         msg = revert_page(request, pagename, editor)
+         if msg:
+             request.write("<p>%s: %s</p>" % (
+                 Page.Page(request, pagename).link_to(request), msg))
+-        request.write("Finished reverting %s.<br>" % pagename)
++        request.write("Finished reverting %s.<br>" % 
wikiutil.escape(pagename))
+ 
+ def execute(pagename, request):
+     _ = request.getText
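Review bot: `msg` is still interpolated unescaped in `request.write("<p>%s: %s</p>" % (Page.Page(request, pagename).link_to(request), msg))` while the three `pagename` writes around it now go through `wikiutil.escape()`; confirm that `revert_page()` only returns constant or already-escaped text, otherwise that line keeps the same class of problem the patch is fixing. The hunk also does not touch the import section, so check that Despam.py already has `wikiutil` in scope (compare against the upstream revision at [1]). The DEP-3 header carries only Bug-Ubuntu; adding an Origin: line pointing at the upstream changeset and Bug-Debian: #575995 would make the provenance of the patch traceable.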
diff --git a/debian/patches/series b/debian/patches/series
index 21a710e..59ae2d5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -12,3 +12,4 @@
 CVE-2010-0668-CVE-2010-0717.patch
 CVE-2010-0669.patch
 security_hierarchical_ACL.patch
+CVE-2010-828.patch
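Review bot: the new series entry "CVE-2010-828.patch" drops the leading zero of the CVE id, unlike the neighbouring CVE-2010-0668 and CVE-2010-0669 entries and the name used in the changelog; rename the patch file and this entry to CVE-2010-0828.patch so the three stay consistent.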
