Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
There is a new vulnerability which affects www-apps/twiki: (remote execution of arbitrary commands with the permissions of the user running twiki) http://www.securityfocus.com/bid/14834 http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev A number of countermeasures are mentioned in the above website (patches). I installed the twiki available in portage (~20041030) and it's vulnerable. On the other hand it seems that there is another vulnerability according to (not tested): http://twiki.org/cgi-bin/view/Codev/UncoordinatedSecurityAlert23Feb2005
This is public, opening. web-apps: please bump. Note that the package being only in ~ it won't generate a GLSA.
Thanks for reporting, both fixed in CVS.
No GLSA, closing.
Hm. no. Renat: you should revbump so that people get the fix by normal upgrade.
doh. fixed.
Really closing
