Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0312 to the following vulnerability:

Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.

References:
http://moinmo.in/SecurityFixes#moin1.8.1
http://www.openwall.com/lists/oss-security/2009/01/27/4

Upstream commits (1.7.x and 1.8.x):
http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad

Seems to affect 1.6.3 currently in Fedora too.
moin-1.6.4-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/moin-1.6.4-1.fc10
moin-1.6.4-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/moin-1.6.4-1.fc9
moin-1.6.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
moin-1.6.4-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This looks to also affect moin 1.5.9 in EPEL4 and 5 (util/antispam.py). Can this be corrected there as well?