[Secure-testing-team] XSS in moin

Steffen Joeris steffen.joeris at skolelinux.de
Sat Aug 2 14:46:48 UTC 2008


Hi Jonas

the following CVE (Common Vulnerabilities & Exposures) id was
published for moin.

CVE-2008-3381[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in
| macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow
| remote attackers to inject arbitrary web script or HTML via
| unspecified vectors.

The problem is fixed in unstable and I don't think the issue is severe enough 
for a DTSA at the moment. But if you want to get it fixed for lenny, it might 
be a good idea to contact the release team (and put secure-testing-team@ into 
CC) to think about coordinating a testing-proposed-updates upload.
If you disagree, please state why the issue is severe enough and we can 
consider preparing a testing-security upload.

The upstream patch is here[1].

Cheers
Steffen


For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3381
    http://security-tracker.debian.net/tracker/CVE-2008-3381

[1] http://hg.moinmo.in/moin/1.7/rev/383196922b03