Date: Tue, 11 Jan 2011 14:24:54 GMT From: Ruslan Mahmatkhanov <cvs-src@yandex.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/153898: [PATCH] security/vuxml: add www/moinmoin < 1.9.3 entry Message-ID: <201101111424.p0BEOsYQ088310@red.freebsd.org> Resent-Message-ID: <201101111430.p0BEU6mj066268@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 153898 >Category: ports >Synopsis: [PATCH] security/vuxml: add www/moinmoin < 1.9.3 entry >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Jan 11 14:30:06 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Ruslan Mahmatkhanov >Release: 8.2-PRERELEASE >Organization: >Environment: 8.2-PRERELEASE i386 >Description: - add vuxml entry about couple of xss vulnerabilities in MoinMoin < 1.9.3 >How-To-Repeat: >Fix: Patch attached with submission follows: --- vuln.xml.orig 2011-01-09 12:12:09.000000000 +0300 +++ vuln.xml 2011-01-11 17:17:33.000000000 +0300 @@ -34,6 +34,40 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="4c017345-1d89-11e0-bbee-0014a5e3cda6"> + <topic>MoinMoin -- cross-site scripting vulnerabilities</topic> + <affects> + <package> + <name>moinmoin</name> + <range><lt>1.9.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The MoinMoin developers reports:</p> + <blockquote cite="http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES"> + <p>Fix XSS in Despam action (CVE-2010-0828)</p> + </blockquote> + <blockquote cite="http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg"> + <p>Fix XSS issues</p> + <ul> + <li>by escaping template name in messages</li> + <li>by fixing other places that had similar issues</li> + </ul> + </blockquote> + </body> + </description> + <references> + <bid>39110</bid> + <cvename>CVE-2010-0828</cvename> + <url>http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES</url> + <url>http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg</url> + </references> + <dates> + <discovery>2010-04-05</discovery> + <entry>2011-01-11</entry> + </dates> + </vuln> <vuln vid="2b6ed5c7-1a7f-11e0-b61d-000c29d1636d"> <topic>php -- multiple vulnerabilities</topic> <affects> >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201101111424.p0BEOsYQ088310>