Date: Tue, 27 Jan 2009 15:02:41 -0600 From: Jamie Strandboge <jamie@...onical.com> To: coley@...us.mitre.org Cc: oss-security@...ts.openwall.com Subject: CVE Request: MoinMoin I just now noticed this in the public MoinMoin mercurial commits: Fixed XSS issue in antispam The commit is: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad I haven't tried to reproduce it or anything, but the fix was simply to perform wikiutil.escape(match.group()), so it seems valid. Jamie -- Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/ [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ