Date: Mon, 5 Apr 2010 14:25:05 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security <oss-security@...ts.openwall.com> Subject: Debian Moin Question Hello everyone, I just ran across this ID from MITRE: Name: CVE-2010-1238 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1238 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20100405 Category: Reference: DEBIAN:DSA-2024 Reference: URL:http://www.debian.org/security/2010/dsa-2024 MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values. The only data I can find on this is from the Debian DSA, and the information is quite slim. Can someone shed more light on this flaw? Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.