MoinMoin: Multiple vulnerabilities — GLSA 201210-02

Multiple vulnerabilities have been found in MoinMoin, the worst of which allowing for injection of arbitrary web script or HTML.

Affected packages

www-apps/moinmoin on all architectures
Affected versions < 1.9.4
Unaffected versions >= 1.9.4

Background

MoinMoin is a Python WikiEngine.

Description

Multiple vulnerabilities have been discovered in MoinMoin. Please review the CVE identifiers referenced below for details.

Impact

These vulnerabilities in MoinMoin allow remote users to inject arbitrary web script or HTML, to obtain sensitive information and to bypass the textcha protection mechanism. There are several other unknown impacts and attack vectors.

Workaround

There is no known workaround at this time.

Resolution

All MoinMoin users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.9.4"
 

References

Release date
October 18, 2012

Latest revision
October 18, 2012: 1

Severity
normal

Exploitable
remote

Bugzilla entries