FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

moinmoin -- wrong processing of group membership

Affected packages
1.9 <= moinmoin < 1.9.4_1

Details

VuXML ID 4f99e2ef-f725-11e1-8bd8-0022156e8794
Discovery 2012-09-03
Entry 2012-09-05
Modified 2012-09-11

MoinMoin developers report:

If you have group NAMES containing "All" or "Known" or "Trusted", they behaved wrong until now (they erroneously included All/Known/Trusted users even if you did not list them as members), but will start working correctly with this changeset.

E.g. AllFriendsGroup:

AllFriendsGroup will now (correctly) include only JoeDoe. It (erroneously) contained all users (including JoeDoe) before.

E.g. MyTrustedFriendsGroup:

MyTrustedFriendsGroup will now (correctly) include only JoeDoe. It (erroneously) contained all trusted users and JoeDoe before.

[source]

References

CVE Name CVE-2012-4404
URL http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.