Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0934 to the following vulnerability:

Name: CVE-2009-0934
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0934
Assigned: 20090317
Reference: MLIST:[oss-security] 20090316 CVE request: XSS in MUC logs of ejabberd
Reference: URL: http://www.openwall.com/lists/oss-security/2009/03/16/1
Reference: CONFIRM: http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_204
Reference: BID:34133
Reference: URL: http://www.securityfocus.com/bid/34133
Reference: SECUNIA:34340
Reference: URL: http://secunia.com/advisories/34340

Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.
I see that 2.0.4 is in testing and rawhide, so it just needs to be pushed to stable/updates for this to be corrected.
ejabberd-2.0.4-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
ejabberd-2.0.4-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Ok, pushed to Fedora repositories. I'm closing this ticket.