Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 04 Sep 2012 21:07:27 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Raphael Geissert <geissert@...ian.org>
Subject: Re: CVE request: moinmoin incorrect ACL evaluation
 for virtual groups

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/04/2012 05:44 PM, Raphael Geissert wrote:
> Hi,
> 
> An issue has been discovered in the way MoinMoin evaluates ACLs and
> virtual groups. The full description and fix is available at: 
> http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
> 
> Could a CVE id be assigned please?
> 
> Additional reference: http://moinmo.in/SecurityFixes
> 
> Cheers,

Please use CVE-2012-4404 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQRsHvAAoJEBYNRVNeJnmTLdkP/1uxV4FWbihvZUcfpdTpaGTs
GJcjfNrox49WJeAw9+vQ/Ijyhboege4WXQotOf4u940bOmXKlTbrwJLfmeRt1Rjx
ZyemGP+J4f7EgF1Cq+xZ8y5r8+pZgv2h+zACx4cvKjHsv19maDwRgQmA5PG8ztDQ
KY6hyaEvpyM2BQlxOp5/8ImyCfHXxjj4UynwntmDJ11HNH9Orye3jV1aysIrokZe
XUMMVa8glkQnw+3AvcMjEv7ZoykdPzlFkR4IcYDubL+cCeSAGxxLJQdcCKU5jPgQ
+qxZTqYo6NPLHEr3OLUWI9S5TpYI7Pl+iARiTKZN27YnSDarsgTyqWsuIpkRSF+M
ixkZoxiW1QdK+4PwlRPbBMcYpzvjIWVEwKq4WNeNu0WdeQQUEV0Q3ydjAG3pSa9w
dQXxhQkmmnSoA990rKZ3kON7iF510b+1Io/v4aDlRS6EIz4AVuatzOUKpiPjb3wl
7bimHScnytXVcbzJT8u8wxzAK6ymGIin598mbQbIyPusXVTWdbZiFlLCihSKxOf9
iTv2Bwg3kajZii8/iTX+eCwTxs62FMYGpee/DOrARHLalnWkGd6djmUwvaduVUTt
ZTzmGq6FjOL7JDpHPtrWtaKTD+nRl+B7RWkWTJV7zmWSNBS7q6lUvvIIiXYieACS
+3DkLgMjtYDlFDIzPLWk
=iQVh
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ