Comment 1 Jorge Manuel B. S. Vicetto (RETIRED) 2015-03-03 21:05:48 UTC

This is the complete diff between both releases (20140525 and 20140929), so I'd suggest marking the new version stable, if you can get it to install (to make sure I don't miss anything while copying the ebuild from my overlay to the tree).

Only in /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/data/pages: playground
diff -ur /var/tmp/portage/www-apps/dokuwiki-20140505c/work/dokuwiki-2014-05-05c/doku.php /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/doku.php
--- /var/tmp/portage/www-apps/dokuwiki-20140505c/work/dokuwiki-2014-05-05c/doku.php     2014-12-03 14:38:43.000000000 +0000
+++ /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/doku.php     2015-02-24 19:51:46.000000000 +0000
@@ -9,7 +9,7 @@
  */
 
 // update message version
-$updateVersion = 44.3;
+$updateVersion = 44.4;
 
 //  xdebug_start_profiling();
 
diff -ur /var/tmp/portage/www-apps/dokuwiki-20140505c/work/dokuwiki-2014-05-05c/lib/plugins/acl/remote.php /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/lib/plugins/acl/remote.php
--- /var/tmp/portage/www-apps/dokuwiki-20140505c/work/dokuwiki-2014-05-05c/lib/plugins/acl/remote.php   2014-12-03 14:38:43.000000000 +0000
+++ /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/lib/plugins/acl/remote.php   2015-02-24 19:51:46.000000000 +0000
@@ -17,12 +17,39 @@
         );
     }
 
-    function addAcl($scope, $user, $level){
+    /**
+     * Add a new entry to ACL config
+     *
+     * @param string $scope
+     * @param string $user
+     * @param int    $level see also inc/auth.php
+     * @throws RemoteAccessDeniedException
+     * @return bool
+     */
+    public function addAcl($scope, $user, $level){
+        if(!auth_isadmin()) {
+            throw new RemoteAccessDeniedException('You are not allowed to access ACLs, superuser permission is required', 114);
+        }
+
+        /** @var admin_plugin_acl $apa */
         $apa = plugin_load('admin', 'acl');
         return $apa->_acl_add($scope, $user, $level);
     }
 
-    function delAcl($scope, $user){
+    /**
+     * Remove an entry from ACL config
+     *
+     * @param string $scope
+     * @param string $user
+     * @throws RemoteAccessDeniedException
+     * @return bool
+     */
+    public function delAcl($scope, $user){
+        if(!auth_isadmin()) {
+            throw new RemoteAccessDeniedException('You are not allowed to access ACLs, superuser permission is required', 114);
+        }
+
+        /** @var admin_plugin_acl $apa */
         $apa = plugin_load('admin', 'acl');
         return $apa->_acl_del($scope, $user);
     }
diff -ur /var/tmp/portage/www-apps/dokuwiki-20140505c/work/dokuwiki-2014-05-05c/VERSION /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/VERSION
--- /var/tmp/portage/www-apps/dokuwiki-20140505c/work/dokuwiki-2014-05-05c/VERSION      2014-12-03 14:38:43.000000000 +0000
+++ /var/tmp/portage/www-apps/dokuwiki-20140505d/work/dokuwiki-2014-05-05d/VERSION      2015-02-24 19:51:46.000000000 +0000
@@ -1 +1 @@
-2014-05-05c "Ponder Stibbons"
+2014-05-05d "Ponder Stibbons"

21:03 < irker860> gentoo-x86: jmbsvicetto www-apps/dokuwiki: Add 20140525d 
release - bug 541918 (CVE-2015-2172).

@security:
We're ready to call arch teams to stabilize the unaffected versions (20140525d and 20140929c).

Comment 2 Aaron Bauman (RETIRED) 2016-02-19 23:33:08 UTC

This bug is old.  Two stable versions are in the tree 20140929d and 20140929d-r1.

Comment 3 Jorge Manuel B. S. Vicetto (RETIRED) 2016-02-20 01:35:01 UTC

I don't see any of the affected versions in the tree.

Comment 4 Aaron Bauman (RETIRED) 2016-12-27 08:17:31 UTC

Affected packages long gone from tree.