Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
www-apps please advise.
This may have been fixed in 1.5.8: http://moinmoin.wikiwikiweb.de/MoinMoinRelease1.5/CHANGES , which is in the tree.
Thx Renat. Arches please test and mark stable. Target keywords are: moinmoin-1.5.8.ebuild:KEYWORDS="amd64 ppc sparc x86"
web-apps: "dodoc: ChangeLog does not exist" x86 stable
sparc stable.
amd64 stable
Stable on ppc.
This one is ready for GLSA decision. I vote NO.
No too, such a common vuln. Closing without glsa, feel free to reopen if you disagree