Bug#: 53126
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Carsten Lohrke <carlo@gentoo.org>

Description:   Opened: 2004-06-06 04:02 0000
Some bugs were fixed, including some critical security problems. There were
also some minor feature improvements.
http://sourceforge.net/project/shownotes.php?group_id=8482&release_id=243709

------- Comment #1 From Kurt Lieber 2004-06-06 04:45:40 0000 -------
I'm not seeing the "critical" security fixes.  Looks like there have been some
tweaks to some ACLs but I didn't see any mention of being able to bypass
security in the old version.

Are there other links that talk about exactly what was wrong in the old
version?

------- Comment #2 From Carsten Lohrke 2004-06-06 05:29:44 0000 -------
Sorry, I stupidly copied from freshmeat in this case. I don't know why it's
announced as a critical fix.

------- Comment #3 From Kurt Lieber 2004-06-06 07:22:41 0000 -------
ok -- I'm going to re-assign to web-apps then as this seems more like a regular
bump bug than a security problem.

If further information emerges that indicates there are important security
problems with the previous version, please feel free to kick this back over to
security.

------- Comment #4 From Lance Albertson 2004-06-21 12:14:56 0000 -------
I found more info on this particular problem:

http://sourceforge.net/tracker/index.php?func=detail&aid=948103&group_id=8482&atid=108482

Sounds like it should have a security fix bump possibly.

------- Comment #5 From Carsten Lohrke 2004-06-24 06:28:49 0000 -------
Sorry Kurt, you're back in the game. Don't know if I was too blind to find it
or just missed the info by a few hours. Thanks Lance! :)

------- Comment #6 From Thierry Carrez (RETIRED) 2004-06-24 12:47:52 0000 -------
Fix is in 1.2.2, please bump.
Target keywords : "x86 sparc ~amd64"

------- Comment #7 From Joshua J. Berry (CondorDes) (RETIRED) 2004-06-29 13:28:42 0000 -------
It installs ok with a simple copy of the ebuild to bump it, but it gives a
warning about needing to be converted to use webapp.eclass instead of
webapp-apache.eclass.

I have not actually tested its functionality.

------- Comment #8 From Thierry Carrez (RETIRED) 2004-07-02 11:27:30 0000 -------
web-apps : please bump, otherwise we'll have to mask the package.

------- Comment #9 From Kurt Lieber 2004-07-08 11:05:40 0000 -------
masking.

------- Comment #10 From Grant Goodyear 2004-07-08 15:29:02 0000 -------
Tested 1.2.2, works on x86.  Leaving arch-masked on sparc and amd64.
Unmasked.

------- Comment #11 From Thierry Carrez (RETIRED) 2004-07-09 01:10:10 0000 -------
Reopening so that a GLSA can be issued.
sparc: please mark net-www/moinmoin-1.2.2 stable.

------- Comment #12 From Jason Wever (RETIRED) 2004-07-09 21:21:21 0000 -------
Stable on sparc :)

------- Comment #13 From Thierry Carrez (RETIRED) 2004-07-10 03:12:03 0000 -------
GLSA-ready

------- Comment #14 From Sune Kloppenborg Jeppesen 2004-07-11 05:21:45 0000 -------
GLSA drafted : security please review

------- Comment #15 From Kurt Lieber 2004-07-11 06:36:11 0000 -------
glsa 200407-09
