http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4RdiffPreviewAccess " Security Alert: TWiki Rdiff and Preview Scripts Ignore Access Control Settings (CVE-2006-1386) Vulnerable Software Version * TWikiRelease04x00x01 -- TWiki-4.0.1.zip * TWikiRelease04x00x00 -- TWiki-4.0.0.zip Attack Vectors With obscure use of the rdiff and preview scripts it is possible to view access restricted content. Impact An unautorized user can view access restricted areas and gain access to confidential content in TWiki topics." hotfix available, updated twiki release coming soon http://twiki.org/cgi-bin/view/Codev/SecurityAdvisoryDosAttackWithInclude "Security Alert: TWiki INCLUDE function allows DoS Attack on Itself (CVE-2006-1387) Attack Vectors Editing a wiki page and adding an INCLUDE directive. Typically, prior authentication is necessary (including anonymous TWikiGuest accounts). Impact An attacker is able to bring down a server within a few minutes with a DoS attack. All memory is consumed, typically requiring a reboot of the server machine. " hotfix,workaround available
-1386 was patched yesterday with -r1, just added a patch for -1387 with -r2.
nice, seems like we are done then.
