Date: Sat, 29 Dec 2012 20:41:01 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Tilmann Haak <tilmann.haak@....de>, tw-public@....de
Subject: Re: CVE request: MoinMoin Wiki (XSS in rss link)

On 12/29/2012 07:37 AM, Tilmann Haak wrote:
> Hi all,
>
> there is an XSS issue in MoinMoin wiki, version 1.9.5. Function
> rsslink() in "theme/__init__.py" does not properly escape the page
> name parameter.
>
> Details can be found at: http://moinmo.in/SecurityFixes
>
> A fix is available at:
> http://hg.moinmo.in/moin/1.9/rev/c98ec456e493
>
> Could you please assign a CVE number?
>
> kind regards, Tilmann

Please use CVE-2012-6082 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993