Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 218752 (CVE-2008-1937) - www-apps/moinmoin <1.6.3 ACL/superuser privilege escalation (CVE-2008-1937)
Summary: www-apps/moinmoin <1.6.3 ACL/superuser privilege escalation (CVE-2008-1937)
Alias: CVE-2008-1937
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on:
Reported: 2008-04-21 17:46 UTC by Johan Marcusson
Modified: 2008-05-11 13:28 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-04-23 16:09:43 UTC
* Security fix: a check in the user form processing was not working as
  expected, leading to a major ACL and superuser priviledge escalation
  problem. If you use ACL entries other than "Known:" or "All:" and/or
  a non-empty superuser list, you need to urgently install this upgrade.
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2008-04-25 12:00:13 UTC
in cvs
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-04-25 21:02:45 UTC
Arches, please test and mark stable:
Target keywords : "amd64 ppc release sparc x86"
Comment 4 Markus Meier gentoo-dev 2008-04-26 11:51:21 UTC
amd64/x86 stable
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2008-04-28 17:03:53 UTC
ppc stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2008-04-28 18:11:06 UTC
sparc stable
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2008-04-29 06:21:47 UTC
Fixed in release snapshot.
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2008-05-06 15:17:11 UTC
GLSA vote, I vote YES.
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-07 22:43:37 UTC
YES too, request filed.
Comment 10 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-05-11 13:28:54 UTC
GLSA 200805-09