List:       oss-security
Subject:    Re: [oss-security] CVE request: MoinMoin Wiki (path traversal vulnerability)
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-12-30 3:41:28
Message-ID: 50DFB7E8.5070202 () redhat ! com

On 12/29/2012 11:29 AM, Tilmann Haak wrote:
> Hi all,
> 
> there is a path traversal issue in MoinMoin wiki (version 1.9.3 - 
> 1.9.5). The vulnerability resides in the AttachFile action
> (function _do_attachment_move in action/AttachFile.py). It fails to
> properly sanitize file names.
> 
> Details can be found at: http://moinmo.in/SecurityFixes
> 
> A fix is available at:
> http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
> 
> Is it possible to get a CVE number for this one?
> 
> kind regards, Tilmann

Please use CVE-2012-6080 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
