From owner-svn-ports-head@FreeBSD.ORG Sun Jan 6 20:37:25 2013
Return-Path:
Delivered-To: svn-ports-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 78BBAEF8; Sun, 6 Jan 2013 20:37:25 +0000 (UTC) (envelope-from rea@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 46BEE172E; Sun, 6 Jan 2013 20:37:25 +0000 (UTC)
Received: from svn.freebsd.org (svn.FreeBSD.org [8.8.178.70]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id r06KbPkC038170; Sun, 6 Jan 2013 20:37:25 GMT (envelope-from rea@svn.freebsd.org)
Received: (from rea@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id r06KbO45038167; Sun, 6 Jan 2013 20:37:24 GMT (envelope-from rea@svn.freebsd.org)
Message-Id: <201301062037.r06KbO45038167@svn.freebsd.org>
From: Eygene Ryabinkin Date: Sun, 6 Jan 2013 20:37:24 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r310013 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Jan 2013 20:37:25 -0000 Author: rea Date: Sun Jan 6 20:37:24 2013 New Revision: 310013 URL: http://svnweb.freebsd.org/changeset/ports/310013 Log: VuXML: extend entry for MoinMoin vulnerabilities fixed in 1.9.6 Use more verbose descriptions from CVE entries and trim citation from CHANGES to the relevant parts. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Jan 6 19:56:54 2013 (r310012) +++ head/security/vuxml/vuln.xml Sun Jan 6 20:37:24 2013 (r310013) @@ -161,21 +161,40 @@ Note: Please add new entries to the beg -

Thomas Waldmann reports:

+

MoinMoin developers report the following vulnerabilities + as fixed in version 1.9.6:

-

SECURITY HINT: make sure you have allow_xslt = False (or just do - not use allow_xslt at all in your wiki configs, False is the - internal default). Allowing XSLT/4suite is very dangerous, see - HelpOnConfiguration wiki page.

- -

Fixes:

    -
  • fix remote code execution vulnerability in - twikidraw/anywikidraw action
  • -
  • fix path traversal vulnerability in AttachFile action
  • -
  • fix XSS issue, escape page name in rss link.
  • +
  • remote code execution vulnerability in + twikidraw/anywikidraw action,
  • +
  • path traversal vulnerability in AttachFile action,
  • +
  • XSS issue, escape page name in rss link.
+

CVE entries at MITRE furher clarify:

+
+

Multiple unrestricted file upload vulnerabilities in the + (1) twikidraw (action/twikidraw.py) and (2) anywikidraw + (action/anywikidraw.py) actions in MoinMoin before 1.9.6 + allow remote authenticated users with write permissions to + execute arbitrary code by uploading a file with an + executable extension, then accessing it via a direct request + to the file in an unspecified directory, as exploited in the + wild in July 2012.

+
+
+

Directory traversal vulnerability in the + _do_attachment_move function in the AttachFile action + (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 + allows remote attackers to overwrite arbitrary files via a + .. (dot dot) in a file name.

+
+
+

Cross-site scripting (XSS) vulnerability in the rsslink + function in theme/__init__.py in MoinMoin 1.9.5 allows + remote attackers to inject arbitrary web script or HTML + via the page name in a rss link.

+
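Review bot: the added line "CVE entries at MITRE furher clarify:" has a typo, "furher" should read "further"; since this text is rendered verbatim into the published advisory, fix it before commit. Two smaller points on the same hunk: the three quoted CVE descriptions give different version scopes ("before 1.9.6", "1.9.3 through 1.9.5", and "1.9.5" alone), so double-check that the entry's affected-version range covers the widest of them, i.e. everything below 1.9.6; and the removed "SECURITY HINT" paragraph about allow_xslt = False is the only operational mitigation advice the old entry carried, so if the trim is deliberate (the log says only the relevant parts of CHANGES are kept), consider saying so in the log, otherwise keep that paragraph.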