[Moin-user] Vulnerabilities affecting MoinMoin 1.5.7 Release? (CVE-2007-901, 902)

Tyler Florez tflorez at calpoly.edu
Fri Mar 16 21:29:32 EDT 2007

Hi there,

It's come to my attention that a few relatively recent security reports
allege vulnerabilities including cross-site scripting in MoinMoin up to
and including release 1.5.7.

However, I've been able to find no corroborating information on the
MoinMoin site, mailing list, or changelog
(http://moinmoin.wikiwikiweb.de/MoinMoinRelease1.5/CHANGES), making me a
bit suspicious the reports are incorrect, since I would assume the
MoinMoin site would be among the first to know, or be notified, about
this (http://moinmoin.wikiwikiweb.de/KnownIssues).

These reports refer to CVE-2007-901 and 902:


which in turn cites sources like secunia.com and securityfocus.com

Notably, one CVE citation refers to ubuntu.com, although the Ubuntu
report itself appears to apply to moinmoin-1.5.3 and lower.

So it seems to me that these security reports may be incorrect in
listing the 1.5.7 release as vulnerable; rather, it may be a problem
with an earlier version and CVE is incorrect that this applies to the
newest release, 1.5.7 (or am I missing

Does anyone know about the validity of these security reports w.r.t.
MoinMoin 1.5.7?


