LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora alert FEDORA-2008-1562 (moin)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 7 Update: moin-1.5.8-3.fc7


Date:
    	      Tue, 12 Feb 2008 22:10:07 -0700


Message-ID:
    	      <200802130510.m1D5AISm006029@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-1562
2008-02-13 04:20:44
--------------------------------------------------------------------------------

Name        : moin
Product     : Fedora 7
Version     : 1.5.8
Release     : 3.fc7
URL         : http://moinmoin.wikiwikiweb.de/
Summary     : MoinMoin is a Python clone of WikiWiki
Description :
A WikiWikiWeb is a collaborative hypertext environment, with an emphasis on
easy access to and modification of information. MoinMoin is a Python
WikiClone that allows you to easily set up your own wiki, only requiring a
Web server and a Python installation.

--------------------------------------------------------------------------------
Update Information:

It was discovered that moin allowed to overwrite arbitrary files writable by the
user running moin using a crafted cookie with certain user IDs via a directory
traversal flaw. This updated package fixes this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb  8 2008 Matthias Saou <http://freshrpms.net/> 1.5.8-3
- Include e69a16b6e630 1.5 changeset as cookieidfix (#432017).
* Sun Aug  5 2007 Matthias Saou <http://freshrpms.net/> 1.5.8-2
- Update License field.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #432017 - moin: file overwrite via crafted cookie
        https://bugzilla.redhat.com/show_bug.cgi?id=432017
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update moin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds