Jamie Strandboge discovered that moin, a Python clone of WikiWiki, does not sufficiently sanitize the page name in the "Despam" action, allowing remote attackers to perform cross-site scripting (XSS) attacks.
In addition, this update fixes a minor issue in the "textcha" protection: it could be trivially bypassed by blanking the "textcha-question" and "textcha-answer" form fields.
For the stable distribution (lenny), these problems have been fixed in version 1.7.1-3+lenny4.
For the testing (squeeze) and unstable (sid) distributions, these problems will be fixed soon.
We recommend that you upgrade your moin package.
MD5 checksums of the listed files are available in the original advisory.
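
The textcha bypass described above is the kind of flaw that arises when a check fails open on blank client-supplied fields. The following added example (not MoinMoin's code; the question table, the function names and the `issued_question` parameter are assumptions made for illustration) contrasts such a check with one that fails closed:

```python
import re

# Constructed question -> answer-regex table (hypothetical, not MoinMoin's configuration).
TEXTCHAS = {
    "What is the capital of France?": r"paris",
    "How many legs does a spider have?": r"(8|eight)",
}

def check_fail_open(form):
    """Weak pattern: a blank question field is read as 'no textcha required'."""
    question = form.get("textcha-question", "")
    answer = form.get("textcha-answer", "")
    if not question:
        return True  # fails open: the client decides whether the check runs
    pattern = TEXTCHAS.get(question)
    return bool(pattern and re.fullmatch(pattern, answer.strip(), re.I))

def check_fail_closed(form, issued_question):
    """Hardened: trust only the question the server issued; reject blanks."""
    question = form.get("textcha-question", "")
    answer = form.get("textcha-answer", "").strip()
    # issued_question is assumed to come from server-side state (e.g. the session).
    if not issued_question or question != issued_question:
        return False
    pattern = TEXTCHAS.get(issued_question)
    if pattern is None or not answer:
        return False
    return re.fullmatch(pattern, answer, re.I) is not None

# Constructed sample submissions.
ISSUED = "How many legs does a spider have?"
SAMPLES = {
    "correct": {"textcha-question": ISSUED, "textcha-answer": "Eight"},
    "wrong": {"textcha-question": ISSUED, "textcha-answer": "six"},
    "blanked": {"textcha-question": "", "textcha-answer": ""},
    "missing": {},
}

def compare():
    """Return {sample: (fail_open_result, fail_closed_result)}."""
    return {name: (check_fail_open(f), check_fail_closed(f, ISSUED))
            for name, f in SAMPLES.items()}

if __name__ == "__main__":
    for name, (weak, hardened) in compare().items():
        print(f"{name:8} fail-open={weak!s:5} fail-closed={hardened}")
```

Only the blanked and missing submissions differ between the two checks, which is the behaviour a regression test for this class of fix should pin down.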