moin -- insufficient input sanitising

ID DSA-1791
Type debian
Reporter Debian
Modified 2009-05-06T00:00:00


It was discovered that the AttachFile action in moin, a Python clone of WikiWiki, is prone to cross-site scripting attacks when renaming attachments or performing other sub-actions.

The oldstable distribution (etch) is not vulnerable.

For the stable distribution (lenny), this problem has been fixed in version 1.7.1-3+lenny2.

For the testing (squeeze) distribution and the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your moin packages.