rpms/moin/F-10 moin.spec,1.24,1.25
Ville-Pekka Vainio
vpv at fedoraproject.org
Sun Jul 12 18:15:56 UTC 2009
Author: vpv
Update of /cvs/pkgs/rpms/moin/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9733
Modified Files:
moin.spec
Log Message:
* Sun Jul 12 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.6.4-3
- Remove the filemanager and _samples directories from the embedded FCKeditor,
they contain code with known security vulnerabilities, even though that code
probably couldn't be invoked when moin was used with the default settings.
- Fixes rhbz #509924, related to CVE-2009-2265
Index: moin.spec
===================================================================
RCS file: /cvs/pkgs/rpms/moin/F-10/moin.spec,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -p -r1.24 -r1.25
--- moin.spec 13 Jun 2009 20:27:25 -0000 1.24
+++ moin.spec 12 Jul 2009 18:15:56 -0000 1.25
@@ -3,7 +3,7 @@
Summary: MoinMoin is a WikiEngine to collaborate on easily editable web pages
Name: moin
Version: 1.6.4
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2+
Group: Applications/Internet
URL: http://moinmo.in/
@@ -50,6 +50,10 @@ editable web pages.
%patch6 -p1
# convert to UTF-8
iconv -f iso8859-1 -t utf-8 docs/CHANGES -o docs/CHANGES.conv && mv -f docs/CHANGES.conv docs/CHANGES
+# These directories include vulnerable code, which probably can't be invoked
+# by default, but let's remove it just to be sure.
+rm -r wiki/htdocs/applets/FCKeditor/editor/filemanager/
+rm -r wiki/htdocs/applets/FCKeditor/_samples/
%build
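Review bot: the comment above the two `rm -r` lines says the directories hold vulnerable code but does not name the issue; cite rhbz #509924 and CVE-2009-2265 there so the reason stays next to the commands in %prep and not only in %changelog. Keeping `rm -r` without `-f` is the right call: if a later tarball moves `editor/filemanager/` or `_samples/`, %prep fails loudly instead of quietly shipping the code again.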
@@ -79,6 +83,13 @@ iconv -f iso8859-1 -t utf-8 docs/CHANGES
%changelog
+* Sun Jul 12 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.6.4-3
+- Remove the filemanager and _samples directories from the embedded FCKeditor,
+ they contain code with know security vulnerabilities, even though that code
+ probably couldn't be invoked when moin was used with the default settings.
+- Fixes rhbz #509924, related to CVE-2009-2265
+
+
* Sat Jun 13 2009 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.6.4-2
- Hierarchical ACL security fix from 1.8.4, 1.8 HG 897cdbe9e8f2
- Details at http://moinmo.in/SecurityFixes#moin_1.8.3
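Review bot: typo in the new 1.6.4-3 changelog entry, "code with know security vulnerabilities" should read "known". The entry is also followed by two added blank lines before the 1.6.4-2 entry; one is enough to separate them.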