FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318853
Date:      2013-05-23
Time:      08:20:48Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
4c017345-1d89-11e0-bbee-0014a5e3cda6MoinMoin -- cross-site scripting vulnerabilities

The MoinMoin developers reports:

Fix XSS in Despam action (CVE-2010-0828)

Fix XSS issues

  • by escaping template name in messages
  • by fixing other places that had similar issues

Discovery 2010-04-05
Entry 2011-01-11
moinmoin
lt 1.9.3

39110
CVE-2010-0828
http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES
http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
4c017345-1d89-11e0-bbee-0014a5e3cda6MoinMoin -- cross-site scripting vulnerabilities

The MoinMoin developers reports:

Fix XSS in Despam action (CVE-2010-0828)

Fix XSS issues

  • by escaping template name in messages
  • by fixing other places that had similar issues

Discovery 2010-04-05
Entry 2011-01-11
moinmoin
lt 1.9.3

39110
CVE-2010-0828
http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES
http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
4f99e2ef-f725-11e1-8bd8-0022156e8794moinmoin -- wrong processing of group membership

MoinMoin developers report:

If you have group NAMES containing "All" or "Known" or "Trusted", they behaved wrong until now (they erroneously included All/Known/Trusted users even if you did not list them as members), but will start working correctly with this changeset.

E.g. AllFriendsGroup:

  • JoeDoe

AllFriendsGroup will now (correctly) include only JoeDoe. It (erroneously) contained all users (including JoeDoe) before.

E.g. MyTrustedFriendsGroup:

  • JoeDoe

MyTrustedFriendsGroup will now (correctly) include only JoeDoe. It (erroneously) contained all trusted users and JoeDoe before.


Discovery 2012-09-03
Entry 2012-09-05
Modified 2012-09-11
moinmoin
ge 1.9 lt 1.9.5

CVE-2012-4404
http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
4a8a98ab-f745-11e1-8bd8-0022156e8794moinmoin -- cross-site scripting via RST parser

MITRE CVE team reports:

Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.4, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute.


Discovery 2011-02-21
Entry 2012-09-05
moinmoin
lt 1.9.4

46476
CVE-2011-1058
http://moinmo.in/SecurityFixes
4f99e2ef-f725-11e1-8bd8-0022156e8794moinmoin -- wrong processing of group membership

MoinMoin developers report:

If you have group NAMES containing "All" or "Known" or "Trusted", they behaved wrong until now (they erroneously included All/Known/Trusted users even if you did not list them as members), but will start working correctly with this changeset.

E.g. AllFriendsGroup:

  • JoeDoe

AllFriendsGroup will now (correctly) include only JoeDoe. It (erroneously) contained all users (including JoeDoe) before.

E.g. MyTrustedFriendsGroup:

  • JoeDoe

MyTrustedFriendsGroup will now (correctly) include only JoeDoe. It (erroneously) contained all trusted users and JoeDoe before.


Discovery 2012-09-03
Entry 2012-09-05
Modified 2012-09-11
moinmoin
ge 1.9 lt 1.9.5

CVE-2012-4404
http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16