Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 53126 - net-www/moinmoin-1.2.2 - major security fixes
Summary: net-www/moinmoin-1.2.2 - major security fixes
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-06 04:02 UTC by Carsten Lohrke (RETIRED)
Modified: 2011-10-30 22:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carsten Lohrke (RETIRED) gentoo-dev 2004-06-06 04:02:19 UTC
Some bugs were fixed, including some critical security problems. There were also some minor feature improvements.
http://sourceforge.net/project/shownotes.php?group_id=8482&release_id=243709
Comment 1 Kurt Lieber (RETIRED) gentoo-dev 2004-06-06 04:45:40 UTC
I'm not seeing the "critical" security fixes.  Looks like there have been some tweaks to some ACLs but I didn't see any mention of being able to bypass security in the old version.

Are there other links that talk about exactly what was wrong in the old version?
Comment 2 Carsten Lohrke (RETIRED) gentoo-dev 2004-06-06 05:29:44 UTC
Sorry, I stupidly copied from freshmeat in this case. I don't know why it's announced as a critical fix.
Comment 3 Kurt Lieber (RETIRED) gentoo-dev 2004-06-06 07:22:41 UTC
ok -- I'm going to re-assing to web-apps then as this seems more like a regular bump bug than a security problem.

If further information emerges that indicates there are important security problems with the previous version, please feel free to kick this back over to security.
Comment 4 Lance Albertson (RETIRED) gentoo-dev 2004-06-21 12:14:56 UTC
I found more info on this particular problem:

http://sourceforge.net/tracker/index.php?func=detail&aid=948103&group_id=8482&atid=108482

Sounds like it should have a security fix bump possibly.
Comment 5 Carsten Lohrke (RETIRED) gentoo-dev 2004-06-24 06:28:49 UTC
Sorry Kurt, you're back in the game. Don't know, if I was too blind to find it or just missed the info by a few hours. Thanks Lance! :)
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2004-06-24 12:47:52 UTC
Fix is in 1.2.2, please bump.
Target keywords : "x86 sparc ~amd64"
Comment 7 Joshua J. Berry (CondorDes) (RETIRED) gentoo-dev 2004-06-29 13:28:42 UTC
It installs ok with a simple copy of the ebuild to bump it, but it gives a warning about needing to be converted to use webapp.eclass instead of webapp-apache.eclass.

I have not actually tested its functionality.
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2004-07-02 11:27:30 UTC
web-apps : please bump, otherwise we'll have to mask the package.
Comment 9 Kurt Lieber (RETIRED) gentoo-dev 2004-07-08 11:05:40 UTC
masking.
Comment 10 Grant Goodyear (RETIRED) gentoo-dev 2004-07-08 15:29:02 UTC
Tested 1.2.2, works on x86.  Leaving arch-masked on sparc and amd64.
Unmasked.
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2004-07-09 01:10:10 UTC
Reopening so that a GLSA can be issued.
sparc: please mark net-www/moinmoin-1.2.2 stable.
Comment 12 Jason Wever (RETIRED) gentoo-dev 2004-07-09 21:21:21 UTC
Stable on sparc :)
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2004-07-10 03:12:03 UTC
GLSA-ready
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-07-11 05:21:45 UTC
GLSA drafted : security please review
Comment 15 Kurt Lieber (RETIRED) gentoo-dev 2004-07-11 06:36:11 UTC
glsa 200407-09