CVE-2014-6276

NameCVE-2014-6276
Descriptionschema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-3502-1
Debian Bugs816780

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
roundup (PTS)jessie, jessie (lts)1.4.20-1.1+deb8u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
roundupsourcewheezy1.4.20-1.1+deb7u1DSA-3502-1
roundupsourcejessie1.4.20-1.1+deb8u1DSA-3502-1
roundupsource(unstable)(unfixed)816780

Notes

http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
Search for package or bug name: Reporting problems