oss-sec mailing list archives
Re: CVE Request -- MoinMoin -- 1.8.7
From: Thomas Waldmann <tw-public () gmx de>
Date: Mon, 15 Feb 2010 19:21:56 +0100
Sorry, have overlooked some stuff:
Though there are xmlrpc related fixes in 1.8.7: "xmlrpc: * Process attachname in get/putAttachment similarly. * revertPage: convert pagename to internal representation." -- Thomas are these also security related fixes?
No, this is rather to handle stuff consistently.
c, " Do not use OpenID auth code" -- not sure about state of this.
Fixed by 1.8.7 (and soon by 1.9.2). BTW, I need a 3rd CVE for user profile input sanitizing (all moin versions), also fixed in 1.8.7 (and soon by 1.9.2).
Current thread:
- CVE Request -- MoinMoin -- 1.8.7 Jan Lieskovsky (Feb 15)
- Re: CVE Request -- MoinMoin -- 1.8.7 Thomas Waldmann (Feb 15)
- Re: CVE Request -- MoinMoin -- 1.8.7 Steven M. Christey (Feb 21)
- Re: CVE Request -- MoinMoin -- 1.8.7 Thomas Waldmann (Feb 15)
- Re: CVE Request -- MoinMoin -- 1.8.7 Steven M. Christey (Feb 21)
- Re: CVE Request -- MoinMoin -- 1.8.7 Thomas Waldmann (Feb 15)