From nobody@FreeBSD.org  Mon May 11 15:56:46 2009
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0400E10656C9
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 11 May 2009 15:56:46 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id E64BF8FC08
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 11 May 2009 15:56:45 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n4BFuj6P078624
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 11 May 2009 15:56:45 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n4BFujm4078623;
	Mon, 11 May 2009 15:56:45 GMT
	(envelope-from nobody)
Message-Id: <200905111556.n4BFujm4078623@www.freebsd.org>
Date: Mon, 11 May 2009 15:56:45 GMT
From: Mark Foster <mark@foster.cc>
To: freebsd-gnats-submit@FreeBSD.org
Subject: vuxml submission for www/moinmoin
X-Send-Pr-Version: www-3.1
X-GNATS-Notify: bg1tpt@gmail.com

>Number:         134467
>Category:       ports
>Synopsis:       vuxml submission for www/moinmoin
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    miwi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 11 16:00:07 UTC 2009
>Closed-Date:    Wed May 13 10:07:16 UTC 2009
>Last-Modified:  Wed May 13 10:10:00 UTC 2009
>Originator:     Mark Foster
>Release:        7.1 RELEASE
>Organization:
Credentia
>Environment:
>Description:

>How-To-Repeat:

>Fix:
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="b02883e8-96e0-4512-99dc-2a77ebe94940">
     <topic>moinmoin -- Multiple cross-site scripting XSS vulnerabilities in MoinMoin</topic>
     <affects>
       <package>
         <name>moinmoin</name>
         <range><le>1.8.2</le></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>US-CERT reports:</p>
         <blockquote cite="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1482">
           <p>Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 an AttachFile sub-action in the error_msg function or 2 multiple vectors related to package file errors in the upload_form function different vectors than CVE-2009-0260.</p>
         </blockquote>
       </body>
     </description>
     <references>
      <cvename>CVE-2009-1482</cvename>
      <url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1482</url>
     </references>
     <dates>
       <discovery>2009-04-29</discovery>
       <entry>2009-05-11</entry>
     </dates>
   </vuln>



>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Mon May 11 16:00:18 UTC 2009 
State-Changed-Why:  
Awaiting maintainers feedback (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=134467 

From: Edwin Groothuis <edwin@FreeBSD.org>
To: bg1tpt@gmail.com
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/134467: vuxml submission for www/moinmoin
Date: Mon, 11 May 2009 16:00:16 UT

 Maintainer of www/moinmoin,
 
 Please note that PR ports/134467 has just been submitted.
 
 If it contains a patch for an upgrade, an enhancement or a bug fix
 you agree on, reply to this email stating that you approve the patch
 and a committer will take care of it.
 
 The full text of the PR can be found at:
     http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/134467
 
 -- 
 Edwin Groothuis via the GNATS Auto Assign Tool
 edwin@FreeBSD.org
Responsible-Changed-From-To: freebsd-ports-bugs->miwi 
Responsible-Changed-By: miwi 
Responsible-Changed-When: Mon May 11 16:10:45 UTC 2009 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=134467 
State-Changed-From-To: feedback->closed 
State-Changed-By: miwi 
State-Changed-When: Wed May 13 10:07:15 UTC 2009 
State-Changed-Why:  
Committed. Thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=134467 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/134467: commit references a PR
Date: Wed, 13 May 2009 10:07:41 +0000 (UTC)

 miwi        2009-05-13 10:07:30 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/vuxml       vuln.xml 
   Log:
   - Document moinmoin -- multiple cross site scripting vulnerabilities
   
   PR:             based on 134467
   
   Revision  Changes    Path
   1.1932    +38 -1     ports/security/vuxml/vuln.xml
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
