On Wed, 2010-03-31 at 10:13 +0200, Frank Lin PIAT wrote:
> On Wed, 2010-03-31 at 09:10 +0200, Frank Lin PIAT wrote:
> > Package: moin
> > Version: 1.5.3-1.2etch2
>
> Unstable and testing need a patch too, but I can't work on it before
> tonight.

Here's a patch for Debian Unstable (unmodified from upstream [1]).

I have made a quick test, and it seems ok.

Giuseppe, can you review & upload it since Jonas seems busy?

> > There is an XSS in moinmoin "Despam" action (see [1] and
> > CVE-2010-0828 [2]). Note that Despam action is only accessible to
> > superusers, not by regular users.

Regards,
Thanks

[1] http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca
http://moinmo.in/SecurityFixes
diff --git a/debian/changelog b/debian/changelog index 5e42f0c..eda087b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +moin (1.9.2-3) UNRELEASED; urgency=high + + * Fixed CVE-2010-0828: XSS in Despam page, thanks to Jamie Strandboge + (Ubuntu) for the patch. (Closes: #575995) + + -- Frank Lin PIAT <fp...@klabs.be> Wed, 31 Mar 2010 10:54:23 +0200 + moin (1.9.2-2) unstable; urgency=medium [ Frank Lin PIAT ] diff --git a/debian/patches/CVE-2010-0828.patch b/debian/patches/CVE-2010-0828.patch new file mode 100644 index 0000000..7ba3c0c --- /dev/null +++ b/debian/patches/CVE-2010-0828.patch @@ -0,0 +1,25 @@ +fix XSS in Despam action (CVE-2010-0828) - thanks to Jamie Strandboge (Ubuntu) for fixing + +Bug-Ubuntu: https://launchpad.net/bugs/538022 +diff --git a/MoinMoin/action/Despam.py b/MoinMoin/action/Despam.py +index 14c168c..cd29daa 100644 +--- a/MoinMoin/action/Despam.py ++++ b/MoinMoin/action/Despam.py +@@ -176,14 +176,14 @@ def revert_pages(request, editor, timestamp): + if repr(line.getInterwikiEditorData(request)) == editor: + revertpages.append(line.pagename) + +- request.write("Pages to revert:<br>%s" % "<br>".join(revertpages)) ++ request.write("Pages to revert:<br>%s" % "<br>".join([wikiutil.escape(p) for p in revertpages])) + for pagename in revertpages: +- request.write("Begin reverting %s ...<br>" % pagename) ++ request.write("Begin reverting %s ...<br>" % wikiutil.escape(pagename)) + msg = revert_page(request, pagename, editor) + if msg: + request.write("<p>%s: %s</p>" % ( + Page.Page(request, pagename).link_to(request), msg)) +- request.write("Finished reverting %s.<br>" % pagename) ++ request.write("Finished reverting %s.<br>" % wikiutil.escape(pagename)) + + def execute(pagename, request): + _ = request.getText diff --git a/debian/patches/series b/debian/patches/series index 2879e9c..e8fb1a7 100644 --- a/debian/patches/series +++ b/debian/patches/series 
@@ -2,3 +2,4 @@ hardcode_configdir.patch disable_gui_editor_if_fckeditor_missing.patch htdocs_moved_to_usr_share_moin.patch use_systemwide_libs.patch +CVE-2010-0828.patch
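Review bot: the new entry in the debian/changelog hunk still targets UNRELEASED, so whoever uploads must change it to unstable first (and confirm that version 1.9.2-3 with urgency=high is what is intended); an entry left at UNRELEASED is a common reason an upload is rejected or forgotten.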
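Review bot: in the Despam.py hunk inside debian/patches/CVE-2010-0828.patch, the three request.write calls that echo a page name are now wrapped in wikiutil.escape, but the fourth write in the same loop, `request.write("<p>%s: %s</p>" % (Page.Page(request, pagename).link_to(request), msg))`, still emits msg unescaped; it is worth confirming that revert_page only ever returns fixed text, or escaping msg the same way. The hunk also uses wikiutil without adding an import, so check that MoinMoin/action/Despam.py already imports it. Finally, since the file is described as unmodified from upstream, adding a DEP-3 `Origin:` header with the upstream changeset URL (http://hg.moinmo.in/moin/1.9/rev/6e603e5411ca) next to the existing `Bug-Ubuntu:` line would document where it came from.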
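Review bot: appending CVE-2010-0828.patch at the end of debian/patches/series is reasonable, as the names of the earlier patches suggest none of them touch MoinMoin/action/Despam.py, but the upload should be preceded by a quilt push -a (or the equivalent for the package's patch system) on the updated tree to confirm it still applies cleanly after use_systemwide_libs.patch.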