Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228764
Summary: CVE-2007-0901, CVE-2007-0902: moin 1.5.7 XSS, information disclosure
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: normal
Component: moin
AssignedTo: matthias@rpmforge.net
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: fedora-security-list@redhat.com
CVEs against moin 1.5.7, with little useful information available at the moment:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0901
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0902
------- Additional Comments From matthias@rpmforge.net 2007-03-02 07:28 EST -------
Looks like Ubuntu has released updates to fix these vulnerabilities. I wish the MoinMoin website would actually publish some kind of official announcement (and patch!), instead of having to hunt for details and a fix...
------- Additional Comments From matthias@rpmforge.net 2007-04-11 17:33 EST -------
Still unpatched upstream, and still no patches or even details in the various vulnerability reports... are there _any_ details about these!?
bugzilla@redhat.com changed:
What             |Removed    |Added
----------------------------------------------------------------------------
Priority         |normal     |medium
matthias@rpmforge.net changed:
What             |Removed    |Added
----------------------------------------------------------------------------
Status           |NEW        |CLOSED
Resolution       |           |CURRENTRELEASE
Fixed In Version |           |1.5.7-2
------- Additional Comments From matthias@rpmforge.net 2007-05-07 09:13 EST -------
Debian has a really great MoinMoin package, and seems to track upstream really closely.
I've reviewed, included and tested 4 security patches from Debian, which should fix CVE-2007-0857, CVE-2007-0901, CVE-2007-0902 and CVE-2007-2423 (and other security bugs too).
I've updated F7,6,5 and EL5,4 branches (all current).