diff options
| author | delphij <delphij@FreeBSD.org> | 2011-01-18 17:26:17 +0800 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2011-01-18 17:26:17 +0800 |
| commit | b11fc3c6d35d73e184ee04c467b2b2532d02a0bf (patch) | |
| tree | a644574b3ae687dc556808b5281a12ff1c314c9b /security/vuxml | |
| parent | cdc68234922ab7281682435dcef5b56887c21b8a (diff) | |
| download | freebsd-ports-gnome-b11fc3c6d35d73e184ee04c467b2b2532d02a0bf.tar.gz freebsd-ports-gnome-b11fc3c6d35d73e184ee04c467b2b2532d02a0bf.tar.zst freebsd-ports-gnome-b11fc3c6d35d73e184ee04c467b2b2532d02a0bf.zip | |
Add entry for moinmoin XSS vulnerabilities.
PR: ports/153898
Submitted by: Ruslan Mahmatkhanov <cvs-src yandex ru>
Feature safe: yes
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index da8310b3bcf7..6a0e162e1555 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,41 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="4c017345-1d89-11e0-bbee-0014a5e3cda6"> + <topic>MoinMoin -- cross-site scripting vulnerabilities</topic> + <affects> + <package> + <name>moinmoin</name> + <range><lt>1.9.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The MoinMoin developers reports:</p> + <blockquote cite="http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES"> + <p>Fix XSS in Despam action (CVE-2010-0828)</p> + </blockquote> + <blockquote cite="http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg"> + <p>Fix XSS issues</p> + <ul> + <li>by escaping template name in messages</li> + <li>by fixing other places that had similar issues</li> + </ul> + </blockquote> + </body> + </description> + <references> + <bid>39110</bid> + <cvename>CVE-2010-0828</cvename> + <url>http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES</url> + <url>http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg</url> + </references> + <dates> + <discovery>2010-04-05</discovery> + <entry>2011-01-11</entry> + </dates> + </vuln> + <vuln vid="38bdf10e-2293-11e0-bfa4-001676740879"> <topic>tor -- remote code execution and crash</topic> <affects> @@ -494,8 +529,7 @@ Note: Please add new entries to the beginning of this file. </vuln> <vuln vid="2a41233d-10e7-11e0-becc-0022156e8794"> - <topic>php-zip -- multiple Denial of Service - vulnerabilities</topic> + <topic>php-zip -- multiple Denial of Service vulnerabilities</topic> <affects> <package> <name>php5-zip</name> @@ -730,8 +764,7 @@ Note: Please add new entries to the beginning of this file. </vuln> <vuln vid="f3148a05-0fa7-11e0-becc-0022156e8794"> - <topic>php -- corruption of $GLOBALS and $this variables via - extract() method</topic> + <topic>php -- corruption of $GLOBALS and $this variables via extract() method</topic> <affects> <package> <name>php5</name> |