List: oss-security
Subject: Re: [oss-security] CVE request: MoinMoin Wiki (path traversal vulnerability)
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-12-30 3:41:28
Message-ID: 50DFB7E8.5070202 () redhat ! com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/29/2012 11:29 AM, Tilmann Haak wrote:
> Hi all,
>
> there is a path traversal issue in MoinMoin wiki (version 1.9.3 -
> 1.9.5). The vulnerability resides in the AttachFile action
> (function _do_attachment_move in action/AttachFile.py). It fails to
> properly sanitize file names.
>
> Details can be found at: http://moinmo.in/SecurityFixes
>
> A fix is available at:
> http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
>
> Is it possible to get a CVE number for this one?
>
> kind regards, Tilmann
Please use CVE-2012-6080 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----