CVE's against moin 1.5.7, with little useful information available at the moment: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0902
Looks like Ubuntu has released updates to fix these vulnerabilities. I wish the MoinMoin website would actually publish some kind of official announcement (and patch!), instead of having to hunt for details and a fix...
Still unpatched upstream, and still no patches or even details in the various vulnerability reports... are there _any_ details about these!?
Debian has a really great MoinMoin package, and seems to track upstream really closely. I've reviewed, included and tested 4 security patches from Debian, which should fix CVE-2007-0857, CVE-2007-0901, CVE-2007-0902 and CVE-2007-2423 (and other security bugs too). I've updated F7,6,5 and EL5,4 branches (all current).