Ibid

Permissions are ignored for @handler

Bug #705860 reported by Max Rabkin on 2011-01-21

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ibid	Fix Released	Critical	Max Rabkin	Ibid 0.1.1 "Pimpernel"

Bug Description

If a handler has no "pattern" attribute, it will be called even if this is not authorised.

This is probably not exploitable for great evil at the moment; the only processor affected is Invited. Feel free to mark as not-a-vulnerability if you agree.

Tags:

Related branches

lp:~max-rabkin/ibid/perms-705860

Merged into lp:~ibid-core/ibid/old-trunk-1.6 at revision 996

Stefano Rivera: Approve on 2011-01-21

marcog (community): Approve on 2011-01-21

Merged into lp:~ibid-core/ibid/old-release-0.1-1.6 at revision 970

Stefano Rivera: Approve on 2011-01-21

marcog (community): Approve on 2011-01-21

lp:debian/squeeze/ibid

Max Rabkin (max-rabkin) on 2011-01-21

Changed in ibid:
status:	New → In Progress

Stefano Rivera (stefanor) on 2011-01-21

visibility:	private → public
Changed in ibid:
status:	In Progress → Fix Committed

Stefano Rivera (stefanor) on 2011-02-23

Changed in ibid:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.