oss-sec mailing list archives

CVE Request: MoinMoin

From: Jamie Strandboge <jamie () canonical com>
Date: Tue, 27 Jan 2009 15:02:41 -0600

I just now noticed this in the public MoinMoin mercurial commits:
Fixed XSS issue in antispam

The commit is:
http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad

I haven't tried to reproduce it or anything, but the fix was simply to
perform wikiutil.escape(match.group()), so it seems valid.

Jamie

-- 
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Attachment: signature.asc
Description: Digital signature

Current thread:

CVE Request: MoinMoin Jamie Strandboge (Jan 27)
- Re: CVE Request: MoinMoin Steven M. Christey (Jan 27)