| Summary: | <www-apps/moinmoin-1.9.5 : Virtual Group ACL Evaluation Security Issue (CVE-2012-4404) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | web-apps |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/50496/ | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 339295 | | |

Description
Agostino Sarubbo
2012-09-04 10:29:39 UTC
CVE-2012-4404 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4404): security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

1.9.5 added to CVS which fixes the issue. Feel free to start the stabilization process to overrule bug #339295.

Arches, please test and mark stable:
=www-apps/moinmoin-1.9.5
Target keywords : "amd64 ppc x86"

amd64 stable

stable ppc

x86 done, last arch!

Thanks, everyone. GLSA vote: no.

GLSA Vote: no too. Closing noglsa.