CVE-2009-1482 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1482): Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.
This is fixed in 1.8.3 and there are patches for 1.7 in the upstream Hg at http://hg.moinmo.in/moin/1.7/ (in case you want to keep the 1.7 branch).
*** Bug 262441 has been marked as a duplicate of this bug. ***
Arches, please test and mark stable:
=www-apps/moinmoin-1.8.4
Target keywords: "amd64 ppc sparc x86"
Removed 1.7* as it is EOL.
x86 stable
+ 12 Jun 2009; <chainsaw@gentoo.org> moinmoin-1.8.4.ebuild: + Marked stable on AMD64. Tested on a dual dual-core Opteron 2218 system + using Apache 2.2.11 and mod_fcgid 2.2. For security bugs #268565 and + #273858.
sparc stable
ppc done
XSS in webapps = NO.
NO. Closing.