Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 15 Feb 2010 19:21:56 +0100
From: Thomas Waldmann <tw-public@....de>
To: oss-security <oss-security@...ts.openwall.com>
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- MoinMoin -- 1.8.7

Sorry, have overlooked some stuff:

>        Though there are xmlrpc related fixes in 1.8.7:
>        "xmlrpc:
>         * Process attachname in get/putAttachment similarly.
>         * revertPage: convert pagename to internal representation." --
>         Thomas are these also security related fixes?

No, this is rather to handle stuff consistently.

>    c, " Do not use OpenID auth code" -- not sure about state of this.

Fixed by 1.8.7 (and soon by 1.9.2).

BTW, I need a 3rd CVE for user profile input sanitizing (all moin
versions), also fixed in 1.8.7 (and soon by 1.9.2).


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.