On October 11th, Canonical published in a security notice details about MoinMoin vulnerabilities for its Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 11.04, and Ubuntu 10.04 LTS operating systems.
According to Canonical, Several security issues were fixed in MoinMoin.
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that several wiki actions and preference settings in
MoinMoin were not protected from cross-site request forgery (CSRF). If an
authenticated user were tricked into visiting a malicious website while
logged into MoinMoin, a remote attacker could change the user's
LinuxSecurity.com: It was discovered that MoinMoin did not properly sanitize its input whenprocessing Despam actions, resulting in cross-site scripting (XSS)vulnerabilities. If a privileged wiki user were tricked into performingthe Despam action on a page with a crafted title, a remote attacker couldexploit this to execute JavaScript code. (CVE-2010-0828) [More...]
LinuxSecurity.com: It was discovered that MoinMoin incorrectly handled hierarchical accesscontrol lists. Users could bypass intended access controls under certaincircumstances. [More...]
I'd like to embed a cmap in a moinmoin wiki page. I generated the cmap using dia.
I then copy pasted the generated html code, modified it to point to the png image I attached to the wiki. However when saving the whole map section disappears from the code.
Email this page
