USN-925-1: MoinMoin vulnerabilities


 
04-08-2010

Referenced CVEs:
CVE-2010-0828, CVE-2010-1238


Description:
===========================================================
Ubuntu Security Notice USN-925-1 April 08, 2010
moin vulnerabilities
CVE-2010-0828, CVE-2010-1238
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: python2.4-moinmoin 1.5.2-1ubuntu2.6
Ubuntu 8.04 LTS: python-moinmoin 1.5.8-5.1ubuntu2.4
Ubuntu 8.10: python-moinmoin 1.7.1-1ubuntu1.5
Ubuntu 9.04: python-moinmoin 1.8.2-2ubuntu2.3
Ubuntu 9.10: python-moinmoin 1.8.4-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that MoinMoin did not properly sanitize its input when processing Despam actions, resulting in cross-site scripting (XSS) vulnerabilities. If a privileged wiki user were tricked into performing the Despam action on a page with a crafted title, a remote attacker could exploit this to execute JavaScript code. (CVE-2010-0828)

It was discovered that the TextCha protection in MoinMoin could be bypassed by submitting a crafted form request. This issue only affected Ubuntu 8.10. (CVE-2010-1238)




