Debian Security Advisory

DSA-1791-1 moin -- insufficient input sanitising

Date Reported:
06 May 2009
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 526594.
In Mitre's CVE dictionary: CVE-2009-1482.
More information:

It was discovered that the AttachFile action in moin, a python clone of WikiWiki, is prone to cross-site scripting attacks when renaming attachements or performing other sub-actions.

The oldstable distribution (etch) is not vulnerable.

For the stable distribution (lenny), this problem has been fixed in version 1.7.1-3+lenny2.

For the testing (squeeze) distribution and the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your moin packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Architecture-independent component:

MD5 checksums of the listed files are available in the original advisory.