Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/04/2012 05:44 PM, Raphael Geissert wrote:
> Hi,
>
> An issue has been discovered in the way MoinMoin evaluates ACLs and
> virtual groups. The full description and fix is available at: 
> http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
>
> Could a CVE id be assigned please?
>
> Additional reference: http://moinmo.in/SecurityFixes
>
> Cheers,

Please use CVE-2012-4404 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQRsHvAAoJEBYNRVNeJnmTLdkP/1uxV4FWbihvZUcfpdTpaGTs
GJcjfNrox49WJeAw9+vQ/Ijyhboege4WXQotOf4u940bOmXKlTbrwJLfmeRt1Rjx
ZyemGP+J4f7EgF1Cq+xZ8y5r8+pZgv2h+zACx4cvKjHsv19maDwRgQmA5PG8ztDQ
KY6hyaEvpyM2BQlxOp5/8ImyCfHXxjj4UynwntmDJ11HNH9Orye3jV1aysIrokZe
XUMMVa8glkQnw+3AvcMjEv7ZoykdPzlFkR4IcYDubL+cCeSAGxxLJQdcCKU5jPgQ
+qxZTqYo6NPLHEr3OLUWI9S5TpYI7Pl+iARiTKZN27YnSDarsgTyqWsuIpkRSF+M
ixkZoxiW1QdK+4PwlRPbBMcYpzvjIWVEwKq4WNeNu0WdeQQUEV0Q3ydjAG3pSa9w
dQXxhQkmmnSoA990rKZ3kON7iF510b+1Io/v4aDlRS6EIz4AVuatzOUKpiPjb3wl
7bimHScnytXVcbzJT8u8wxzAK6ymGIin598mbQbIyPusXVTWdbZiFlLCihSKxOf9
iTv2Bwg3kajZii8/iTX+eCwTxs62FMYGpee/DOrARHLalnWkGd6djmUwvaduVUTt
ZTzmGq6FjOL7JDpHPtrWtaKTD+nRl+B7RWkWTJV7zmWSNBS7q6lUvvIIiXYieACS
+3DkLgMjtYDlFDIzPLWk
=iQVh
-----END PGP SIGNATURE-----