rpms/moin/F-11 moin.spec,1.28,1.29

Ville-Pekka Vainio vpv at fedoraproject.org
Sun Jul 12 17:36:44 UTC 2009


Author: vpv

Update of /cvs/pkgs/rpms/moin/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29933

Modified Files:
	moin.spec 
Log Message:
* Sun Jul 12 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.8.4-2
- Remove the filemanager directory from the embedded FCKeditor, it contains
  code with know security vulnerabilities, even though that code couldn't
  be invoked when moin was used with the default settings.
- Fixes rhbz #509924, related to CVE-2009-2265



Index: moin.spec
===================================================================
RCS file: /cvs/pkgs/rpms/moin/F-11/moin.spec,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -p -r1.28 -r1.29
--- moin.spec	13 Jun 2009 19:13:17 -0000	1.28
+++ moin.spec	12 Jul 2009 17:36:14 -0000	1.29
@@ -3,7 +3,7 @@
 Summary: MoinMoin is a WikiEngine to collaborate on easily editable web pages
 Name: moin
 Version: 1.8.4
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: Applications/Internet
 URL: http://moinmo.in/
@@ -21,6 +21,9 @@ editable web pages.
 
 %prep
 %setup -q
+# The filemanager directory includes vulnerable code, which can't be invoked by
+# default, but let's remove it just to be sure.
+rm -r wiki/htdocs/applets/FCKeditor/editor/filemanager/
 
 
 %build
@@ -51,6 +54,12 @@ editable web pages.
 
 
 %changelog
+* Sun Jul 12 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.8.4-2
+- Remove the filemanager directory from the embedded FCKeditor, it contains
+  code with know security vulnerabilities, even though that code couldn't
+  be invoked when moin was used with the default settings.
+- Fixes rhbz #509924, related to CVE-2009-2265
+
 * Sat Jun 13 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.8.4-1
 - Update to 1.8.4, http://moinmo.in/MoinMoinRelease1.8 has a list of
   changes.




More information about the fedora-extras-commits mailing list