Red Hat Bugzilla – Bug 438657
CVE-2008-1099: moin ACL enforcement flaw
Last modified: 2009-04-13 08:40:19 EDT
"_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly
enforce ACLs, which allows remote attackers to read protected pages."
F-7, F-8, EPEL-4 and EPEL-5 have 1.5.8 in CVS. Should be fixed upstream in
1.5.9 and http://hg.moinmo.in/moin/1.5/rev/4a7de0173734
moin-1.5.9-1.fc8 has been submitted as an update for Fedora 8
moin-1.5.9-1.fc7 has been submitted as an update for Fedora 7
moin-1.5.9-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
moin-1.5.9-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
I had forgotten to close this report. All current versions have this issue fixed.