Date: Mon, 15 Feb 2010 19:21:56 +0100 From: Thomas Waldmann <tw-public@....de> To: oss-security <oss-security@...ts.openwall.com> Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE Request -- MoinMoin -- 1.8.7 Sorry, have overlooked some stuff: > Though there are xmlrpc related fixes in 1.8.7: > "xmlrpc: > * Process attachname in get/putAttachment similarly. > * revertPage: convert pagename to internal representation." -- > Thomas are these also security related fixes? No, this is rather to handle stuff consistently. > c, " Do not use OpenID auth code" -- not sure about state of this. Fixed by 1.8.7 (and soon by 1.9.2). BTW, I need a 3rd CVE for user profile input sanitizing (all moin versions), also fixed in 1.8.7 (and soon by 1.9.2).
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.