Bug 557298 (CVE-2010-0667)
| Summary: | CVE-2010-0667 moin information disclosure vulnerability | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | extras-orphan, jlieskov, vpvainio |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | moin-1.9.1-1.fc13 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-01-21 19:14:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 557299 | ||
| Bug Blocks: | |||
The CVE identifier of CVE-2010-0667 has been assigned to this. |
The MoinMoin 1.9.1 release [1] corrects a security issue related to sys.argv that only affects 1.9.x releases (as per the Moin security fix announcements page [2] and the Secunia advisory [3]). According to that advisory, this vulnerability can be used to disclose sensitive information, but no additional details are given. The changelog indicates: Version 1.9.1: Bug fixes: * Fixed sys.argv security issue ... Fedora 12 and prior versions contain MoinMoin 1.8.x, whereas Rawhide currently has 1.9.0 and requires being updated to 1.9.1. [1] http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES [2] http://moinmo.in/SecurityFixes [3] http://secunia.com/advisories/38242/