Does this affect Sycamore? (Remember that Sycamore branched from MoinMoin...)
Graham Begin forwarded message: > From: Kees Cook <[EMAIL PROTECTED]> > Date: 08 May, 2007 00:07:03 PDT (CA) > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] > Subject: [USN-458-1] MoinMoin vulnerabilities > Reply-To: [EMAIL PROTECTED] > > =========================================================== > Ubuntu Security Notice USN-458-1 May 07, 2007 > moin vulnerabilities > CVE-2007-2423 > =========================================================== > > A security issue affects the following Ubuntu releases: > > Ubuntu 6.06 LTS > Ubuntu 6.10 > Ubuntu 7.04 > > This advisory also applies to the corresponding versions of > Kubuntu, Edubuntu, and Xubuntu. > > The problem can be corrected by upgrading your system to the > following package versions: > > Ubuntu 6.06 LTS: > python2.4-moinmoin 1.5.2-1ubuntu2.3 > > Ubuntu 6.10: > python2.4-moinmoin 1.5.3-1ubuntu1.3 > > Ubuntu 7.04: > python-moinmoin 1.5.3-1.1ubuntu3.1 > > In general, a standard system upgrade is sufficient to effect the > necessary changes. > > Details follow: > > A flaw was discovered in MoinMoin's error reporting when using the > AttachFile action. By tricking a user into viewing a crafted MoinMoin > URL, an attacker could execute arbitrary JavaScript as the current > MoinMoin user, possibly exposing the user's authentication information > for the domain where MoinMoin was hosted. (CVE-2007-2423) > > Flaws were discovered in MoinMoin's ACL handling for calendars and > includes. Unauthorized users would be able to read pages that would > otherwise be unavailable to them. > > > Updated packages for Ubuntu 6.06 LTS: > > Source archives: > > http://security.ubuntu.com/ubuntu/pool/main/m/moin/ > moin_1.5.2-1ubuntu2.3.diff.gz > Size/MD5: 39487 c3b1dfe20a3bb839def08020159321ef > http://security.ubuntu.com/ubuntu/pool/main/m/moin/ > moin_1.5.2-1ubuntu2.3.dsc > Size/MD5: 702 584b400e32f0fae1aef2fa69ffed2bd8 > http://security.ubuntu.com/ubuntu/pool/main/m/moin/ > moin_1.5.2.orig.tar.gz > Size/MD5: 3975925 689ed7aa9619aa207398b996d68b4b87 > > Architecture independent packages: > > http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin- > common_1.5.2-1ubuntu2.3_all.deb > Size/MD5: 1507924 c53bc6a1452309b150dc86d0884feea6 > http://security.ubuntu.com/ubuntu/pool/main/m/moin/python- > moinmoin_1.5.2-1ubuntu2.3_all.deb > Size/MD5: 69548 cc8dd84cef4cd95749a7f3914c55b49b > http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4- > moinmoin_1.5.2-1ubuntu2.3_all.deb > Size/MD5: 834738 950146660e787274fe0d69a8ab2bff5d > > Updated packages for Ubuntu 6.10: > > Source archives: > > http://security.ubuntu.com/ubuntu/pool/main/m/moin/ > moin_1.5.3-1ubuntu1.3.diff.gz > Size/MD5: 40234 e232754328aa47d1f2c5be8252392bf3 > http://security.ubuntu.com/ubuntu/pool/main/m/moin/ > moin_1.5.3-1ubuntu1.3.dsc > Size/MD5: 726 86bb330aafbfb7c428950f8646fc084b > http://security.ubuntu.com/ubuntu/pool/main/m/moin/ > moin_1.5.3.orig.tar.gz > Size/MD5: 4187091 e95ec46ee8de9527a39793108de22f7d > > Architecture independent packages: > > http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin- > common_1.5.3-1ubuntu1.3_all.deb > Size/MD5: 1574744 57f533196afd6198798b24eaa105d596 > http://security.ubuntu.com/ubuntu/pool/main/m/moin/python- > moinmoin_1.5.3-1ubuntu1.3_all.deb > Size/MD5: 73640 64019d9f0109287760bfd5b4660cdc4b > http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4- > moinmoin_1.5.3-1ubuntu1.3_all.deb > Size/MD5: 909078 f6deadb7c99624b72b08b973c0973f8f > > Updated packages for Ubuntu 7.04: > > Source archives: > > http://security.ubuntu.com/ubuntu/pool/main/m/moin/ > moin_1.5.3-1.1ubuntu3.1.diff.gz > Size/MD5: 38905 30c1f2043f7629767530923b797026c5 > http://security.ubuntu.com/ubuntu/pool/main/m/moin/ > moin_1.5.3-1.1ubuntu3.1.dsc > Size/MD5: 671 7209cfa3f1a21c1a45dcb2ddf16cabb9 > http://security.ubuntu.com/ubuntu/pool/main/m/moin/ > moin_1.5.3.orig.tar.gz > Size/MD5: 4187091 e95ec46ee8de9527a39793108de22f7d > > Architecture independent packages: > > http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin- > common_1.5.3-1.1ubuntu3.1_all.deb > Size/MD5: 1574964 e73dd559227f0712c5d453b80a08f388 > http://security.ubuntu.com/ubuntu/pool/main/m/moin/python- > moinmoin_1.5.3-1.1ubuntu3.1_all.deb > Size/MD5: 914232 26c1e3c3344c2666c1150a77b0ffcccc > > -- > ubuntu-security-announce mailing list > [EMAIL PROTECTED] > Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/ > listinfo/ubuntu-security-announce _______________________________________________ Sycamore-Dev mailing list [EMAIL PROTECTED] http://www.projectsycamore.org/ https://tools.cernio.com/mailman/listinfo/sycamore-dev
