Bug#: 57913
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Carsten Lohrke <carlo@gentoo.org>
Bug 57913 depends on: 58381

Description:   Opened: 2004-07-21 16:40 0000
This release fixes 2 security critical bugs: one when using ACLs and one when
not using ACLs at all (so you really want to upgrade in any case). It also
fixes some minor bugs.

Changelog:
https://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801
(can't reach sf.net atm though)

------- Comment #1 From Thierry Carrez (RETIRED) 2004-07-22 02:36:30 0000 -------
From Changelog:

    * reverts done by bots or leechers
      There was a bad, old bug that triggered if you did not use ACLs. In that
      case, moin used some simple (but wrong and incomplete) function to
      determine what a user (or bot) may do or may not do. The function is now
      fixed to allow only read and write to anon users, and only delete and
      revert to known users additionally - and disallow everything else.

    * ACL security fix for PageEditor, thanks to Dr. Pleger for reporting

web-apps or Grant: please bump to 1.2.3

------- Comment #2 From Thierry Carrez (RETIRED) 2004-08-04 00:33:32 0000 -------
*** Bug 59338 has been marked as a duplicate of this bug. ***

------- Comment #3 From Renat Lumpau 2004-08-04 03:30:39 0000 -------
See bug #58381 for moinmoin-1.2.3.ebuild, updated to use webapp.eclass.

------- Comment #4 From Grant Goodyear 2004-08-16 12:14:39 0000 -------
Fixed, but w/o the webapp rewrite (see note in 58381).

------- Comment #5 From Sune Kloppenborg Jeppesen 2004-08-16 14:26:49 0000 -------
Reopening for GLSA

We released a GLSA for version 1.2.2. Security please draft or vote no.

Thx Grant.

------- Comment #6 From Renat Lumpau 2004-08-27 15:05:10 0000 -------
1.2.3-r1 is in CVS, rewritten with webapp.eclass. It is ~ on all arches.

------- Comment #7 From Renat Lumpau 2004-08-27 15:06:03 0000 -------
And by that I mean ~x86 ~sparc ~amd64 ~ppc, not ALL arches.

------- Comment #8 From Sune Kloppenborg Jeppesen 2004-08-28 15:58:44 0000 -------
Closed with GLSA 200408-25.

------- Comment #9 From Sune Kloppenborg Jeppesen 2004-08-28 15:59:39 0000 -------
And now the bug is also closed:-/
