U radu programskog paketa MoinMoin, namijenjenog operacijskim sustavima Fedora 13 i 14, uočen je sigurnosni nedostatak. Riječ je o wiki alatu koji omogućuje izradu i izmjenu web stranica pomoću web preglednika. Nedostatak je posljedica XSS (eng. cross-site scripting) ranjivosti u "reStructuredText" analizatoru (eng. parser) u komponenti "parser/text_rst.py". Udaljeni ga napadač može iskoristiti za umetanje proizvoljne web skripte ili HTML koda. Svim se korisnicima savjetuje prelazak na ispravljene inačice.

Fedora Update Notification
2011-02-25 07:53:44

Name        : moin
Product     : Fedora 13
Version     : 1.9.3
Release     : 4.fc13
URL         : http://moinmo.in/
Summary     : MoinMoin is a WikiEngine to collaborate on easily editable web
Description :
MoinMoin is an advanced, easy to use and extensible WikiEngine with a large
community of users. Said in a few words, it is about collaboration on easily
editable web pages.


* Thu Feb 24 2011 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.9.3-4
- Fixes CVE-2011-1058 (rhbz#679523)
* Tue Feb  8 2011 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- 1.9.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Jul 23 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.9.3-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Mon Jun 28 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> 1.9.3-1
- Fixes multiple XSS vulnerabilities (rhbz#601399)
- http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES
- Drop integrated security patch

  [ 1 ] Bug #679523 - CVE-2011-1058 MoinMoin: XSS in the rst parser

This update can be installed with the "yum" update program.  Use 
su -c 'yum update moin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Fedora Update Notification
2011-02-25 07:53:42

Name        : moin
Product     : Fedora 14
Version     : 1.9.3
Release     : 4.fc14
URL         : http://moinmo.in/
Summary     : MoinMoin is a WikiEngine to collaborate on easily editable web
Description :
MoinMoin is an advanced, easy to use and extensible WikiEngine with a large
community of users. Said in a few words, it is about collaboration on easily
editable web pages.


* Thu Feb 24 2011 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.9.3-4
- Fixes CVE-2011-1058 (rhbz#679523)
* Tue Feb  8 2011 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- 1.9.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

  [ 1 ] Bug #679523 - CVE-2011-1058 MoinMoin: XSS in the rst parser

This update can be installed with the "yum" update program.  Use 
su -c 'yum update moin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Idi na vrh