Summary: | www-apps/moinmoin <1.6.3 ACL/superuser privilege escalation (CVE-2008-1937) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Johan Marcusson <independence> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | hanno, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://moinmo.in/SecurityFixes | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Johan Marcusson
2008-04-21 17:46:56 UTC
* Security fix: a check in the user form processing was not working as expected, leading to a major ACL and superuser priviledge escalation problem. If you use ACL entries other than "Known:" or "All:" and/or a non-empty superuser list, you need to urgently install this upgrade. http://hg.moinmo.in/moin/1.6/rev/f405012e67af in cvs Arches, please test and mark stable: =www-apps/moinmoin-1.6.3 Target keywords : "amd64 ppc release sparc x86" amd64/x86 stable ppc stable sparc stable Fixed in release snapshot. GLSA vote, I vote YES. YES too, request filed. GLSA 200805-09 |