Candidate: CVE-2008-6548
PublicDate: 2009-03-30 01:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6548
 http://moinmo.in/SecurityFixes
 https://ubuntu.com/security/notices/USN-458-1
Description:
 The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the
 ACL of an included page, which allows attackers to read unauthorized
 include files via unknown vectors.
Ubuntu-Description:
Notes:
 jdstrand> this was fixed by 093_fix-acl-checks.patch in Dapper in
  1.5.2-1ubuntu2.3 (ie, prior to CVE assignment).
Bugs:
Priority: low
Discovered-by:
Assigned-to: kees
CVSS: 

Patches_moin:
 upstream: http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546 (for 1.6)
 upstream: http://hg.moinmo.in/moin/1.5/rev/4949ad88af4e (for 1.5)
upstream_moin: released (1.6.2 and 1.5.8)
dapper_moin: released (1.5.2-1ubuntu2.3)
gutsy_moin: needed (reached end-of-life)
hardy_moin: not-affected (1.5.8-5.1ubuntu2.2)
intrepid_moin: not-affected (1.7.1-1ubuntu1.1)
jaunty_moin: not-affected (1.8.2-2ubuntu2)
karmic_moin: not-affected (1.8.2-2ubuntu2)
devel_moin: not-affected (1.8.2-2ubuntu2)