Hi Jonas,

The following CVE (Common Vulnerabilities & Exposures) ID was
published for moin.

CVE-2008-3381[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in
| macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow
| remote attackers to inject arbitrary web script or HTML via
| unspecified vectors.

The problem is fixed in unstable and I don't think the issue is severe enough 
for a DTSA at the moment. But if you want to get it fixed for lenny, it might 
be a good idea to contact the release team (and put secure-testing-team@ into 
CC) to think about coordinating a testing-proposed-updates upload.
If you disagree, please state why the issue is severe enough and we can 
consider preparing a testing-security upload.

The upstream patch is here[1].

Cheers
Steffen


For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3381
    http://security-tracker.debian.net/tracker/CVE-2008-3381

[1] http://hg.moinmo.in/moin/1.7/rev/383196922b03
