ports/153898: [PATCH] security/vuxml: add www/moinmoin < 1.9.3 entry
Ruslan Mahmatkhanov
cvs-src at yandex.ru
Tue Jan 11 14:30:07 UTC 2011
>Number: 153898
>Category: ports
>Synopsis: [PATCH] security/vuxml: add www/moinmoin < 1.9.3 entry
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 11 14:30:06 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Ruslan Mahmatkhanov
>Release: 8.2-PRERELEASE
>Organization:
>Environment:
8.2-PRERELEASE i386
>Description:
- add vuxml entry about couple of xss vulnerabilities in MoinMoin < 1.9.3
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
--- vuln.xml.orig 2011-01-09 12:12:09.000000000 +0300
+++ vuln.xml 2011-01-11 17:17:33.000000000 +0300
@@ -34,6 +34,40 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="4c017345-1d89-11e0-bbee-0014a5e3cda6">
+ <topic>MoinMoin -- cross-site scripting vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moinmoin</name>
+ <range><lt>1.9.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The MoinMoin developers reports:</p>
+ <blockquote cite="http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES">
+ <p>Fix XSS in Despam action (CVE-2010-0828)</p>
+ </blockquote>
+ <blockquote cite="http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg">
+ <p>Fix XSS issues</p>
+ <ul>
+ <li>by escaping template name in messages</li>
+ <li>by fixing other places that had similar issues</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>39110</bid>
+ <cvename>CVE-2010-0828</cvename>
+ <url>http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES</url>
+ <url>http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg</url>
+ </references>
+ <dates>
+ <discovery>2010-04-05</discovery>
+ <entry>2011-01-11</entry>
+ </dates>
+ </vuln>
<vuln vid="2b6ed5c7-1a7f-11e0-b61d-000c29d1636d">
<topic>php -- multiple vulnerabilities</topic>
<affects>
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list