Date: Wed, 5 Sep 2012 09:47:35 +0000 (UTC) From: Eygene Ryabinkin <rea@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r303695 - head/security/vuxml Message-ID: <201209050947.q859lZ8L012839@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rea Date: Wed Sep 5 09:47:35 2012 New Revision: 303695 URL: http://svn.freebsd.org/changeset/ports/303695 Log: VuXML: document wrong group ACL processing in MoinMoin Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Sep 5 09:46:58 2012 (r303694) +++ head/security/vuxml/vuln.xml Wed Sep 5 09:47:35 2012 (r303695) @@ -51,6 +51,50 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="4f99e2ef-f725-11e1-8bd8-0022156e8794"> + <topic>moinmoin -- wrong processing of group membership</topic> + <affects> + <package> + <name>moinmoin</name> + <range><ge>1.9</ge><lt>1.9.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>MoinMoin developers report:</p> + <blockquote cite="http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16"> + <p>If you have group NAMES containing "All" or "Known" or + "Trusted", they behaved wrong until now (they erroneously + included All/Known/Trusted users even if you did not list + them as members), but will start working correctly with this + changeset.</p> + <p>E.g. AllFriendsGroup:</p> + <ul> + <li>JoeDoe</li> + </ul> + <p>AllFriendsGroup will now (correctly) include only JoeDoe. + It (erroneously) contained all users (including JoeDoe) + before.</p> + <p>E.g. MyTrustedFriendsGroup:</p> + <ul> + <li>JoeDoe</li> + </ul> + <p>MyTrustedFriendsGroup will now (correctly) include only + JoeDoe. It (erroneously) contained all trusted users and + JoeDoe before.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-4404</cvename> + <url>http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16</url> + </references> + <dates> + <discovery>2012-09-03</discovery> + <entry>2012-09-05</entry> + </dates> + </vuln> + <vuln vid="918f38cd-f71e-11e1-8bd8-0022156e8794"> <topic>php5 -- header splitting attack via carriage-return character</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209050947.q859lZ8L012839>