FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

moinmoin -- wrong processing of group membership

Affected packages
1.9 <= moinmoin < 1.9.4_1


VuXML ID 4f99e2ef-f725-11e1-8bd8-0022156e8794
Discovery 2012-09-03
Entry 2012-09-05
Modified 2012-09-11

MoinMoin developers report:

If you have group NAMES containing "All" or "Known" or "Trusted", they behaved wrong until now (they erroneously included All/Known/Trusted users even if you did not list them as members), but will start working correctly with this changeset.

E.g. AllFriendsGroup:

AllFriendsGroup will now (correctly) include only JoeDoe. It (erroneously) contained all users (including JoeDoe) before.

E.g. MyTrustedFriendsGroup:

MyTrustedFriendsGroup will now (correctly) include only JoeDoe. It (erroneously) contained all trusted users and JoeDoe before.


CVE Name CVE-2012-4404