Red Hat Bugzilla – Bug 228764
CVE-2007-0901, CVE-2007-0902: moin 1.5.7 XSS, information disclosure
Last modified: 2007-11-30 17:11:57 EST
CVEs against moin 1.5.7, with little useful information available at the moment:
Looks like Ubuntu has released updates to fix these vulnerabilities. I wish the
MoinMoin website would actually publish some kind of official announcement (and
patch!), instead of having to hunt for details and a fix...
Still unpatched upstream, and still no patches or even details in the various
vulnerability reports... are there _any_ details about these!?
Debian has a really great MoinMoin package, and seems to track upstream really
I've reviewed, included and tested 4 security patches from Debian, which should
fix CVE-2007-0857, CVE-2007-0901, CVE-2007-0902 and CVE-2007-2423 (and other
security bugs too).
I've updated F7,6,5 and EL5,4 branches (all current).