CVE-2008-6548
Published: 30 March 2009
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.
Notes
Author | Note |
---|---|
jdstrand | this was fixed by 093_fix-acl-checks.patch in Dapper in 1.5.2-1ubuntu2.3 (ie, prior to CVE assignment). |
Priority
Status
Package | Release | Status |
---|---|---|
moin Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.2-1ubuntu2.3)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Not vulnerable
(1.5.8-5.1ubuntu2.2)
|
|
intrepid |
Not vulnerable
(1.7.1-1ubuntu1.1)
|
|
jaunty |
Not vulnerable
(1.8.2-2ubuntu2)
|
|
karmic |
Not vulnerable
(1.8.2-2ubuntu2)
|
|
upstream |
Released
(1.6.2 and 1.5.8)
|
|
Patches: upstream: http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 upstream: http://hg.moinmo.in/moin/1.5/rev/4949ad88af4e |