Bug 218752 (CVE-2008-1937)

Summary: www-apps/moinmoin <1.6.3 ACL/superuser privilege escalation (CVE-2008-1937)
Product: Gentoo Security Reporter: Johan Marcusson <independence>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: hanno, web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
URL: http://moinmo.in/SecurityFixes
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-04-23 16:09:43 UTC
* Security fix: a check in the user form processing was not working as
  expected, leading to a major ACL and superuser privilege escalation
  problem. If you use ACL entries other than "Known:" or "All:" and/or
  a non-empty superuser list, you need to urgently install this upgrade. 

http://hg.moinmo.in/moin/1.6/rev/f405012e67af
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2008-04-25 12:00:13 UTC
in cvs
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-04-25 21:02:45 UTC
Arches, please test and mark stable:
=www-apps/moinmoin-1.6.3
Target keywords : "amd64 ppc release sparc x86"
Comment 4 Markus Meier gentoo-dev 2008-04-26 11:51:21 UTC
amd64/x86 stable
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2008-04-28 17:03:53 UTC
ppc stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2008-04-28 18:11:06 UTC
sparc stable
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2008-04-29 06:21:47 UTC
Fixed in release snapshot.
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2008-05-06 15:17:11 UTC
GLSA vote, I vote YES.
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-07 22:43:37 UTC
YES too, request filed.
Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-11 13:28:54 UTC
GLSA 200805-09