First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 53375
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: gen2daniel <gen2daniel@gmx.net>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 53375 depends on: Show dependency tree
Bug 53375 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-06-08 22:08 0000 
"Fixed a security hole that allowed any user to view the configuration of any
module, even those that they should not have access to.
Fixed a security hole that could allow an attacker to lock valid users by
sending a bogus username or password."

Reproducible: Always
Steps to Reproduce:

------- Comment #1 From Thierry Carrez (RETIRED) 2004-06-09 01:54:26 0000 ------- 
eradicator: please bump webmin to 1.150...

------- Comment #2 From Jeremy Huddleston (RETIRED) 2004-06-12 01:41:34 0000 ------- 
ack... I just got email up, so I didn't notice this until now... I don't have a
system to test this on at the moment and I won't for a few days still... I will
make the ebuild as best I can and put it in package.mask, but someone else
needs to test it for me (I don't have any working gentoo system at the moment
'cause I'm migrating from x86 to amd64 on my servers).

------- Comment #3 From Jeremy Huddleston (RETIRED) 2004-06-12 02:17:18 0000 ------- 
ok... actually I was able to test out the ebuild... I forgot webmin doesn't
require apache...  I've marked it stable on x86 and amd64.

ppc and sparc need to mark it stable before GLSA can be released.

hppa and s390 should test it as well, but AFAIK these are not tier1 archs that
block a GLSA.

------- Comment #4 From Jason Wever (RETIRED) 2004-06-12 16:16:42 0000 ------- 
Stable on sparc.

------- Comment #5 From Luca Barbato 2004-06-13 09:58:02 0000 ------- 
Stable ppc

------- Comment #6 From Thierry Carrez (RETIRED) 2004-06-15 13:00:56 0000 ------- 
Ready for a GLSA.
hppa, ia64 : don't forget to mark stable when you can.

------- Comment #7 From Sune Kloppenborg Jeppesen 2004-06-15 14:23:30 0000 ------- 
GLSA drafted: security please review.

Also if possible remove old vulnerable ebuilds.

------- Comment #8 From Kurt Lieber 2004-06-16 06:31:18 0000 ------- 
glsa 200406-12

------- Comment #9 From Guy Martin 2004-06-16 06:43:37 0000 ------- 
Stable on hppa.
First Last Prev Next    No search results available      Search page      Enter new bug