This release fixes 2 security critical bugs: one when using ACLs and one when not using ACLs at all (so you really want to upgrade in any case). It also fixes some minor bugs. Changelog: https://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801 (can't reach sf.net atm though)
From Changelog : * reverts done by bots or leechers There was a bad, old bug that triggered if you did not use ACLs. In that case, moin used some simple (but wrong and incomplete) function to determine what a user (or bot) may do or may not do. The function is now fixed to allow only read and write to anon users, and only delete and revert to known users additionally - and disallow everything else. * ACL security fix for PageEditor, thanks to Dr. Pleger for reporting web-apps or Grant : please bump to 1.2.3
*** Bug 59338 has been marked as a duplicate of this bug. ***
See bug #58381 for moinmoin-1.2.3.ebuild, updated to use webapp.eclass.
Fixed, but w/o the webapp rewrite (see note in 58381).
Reopening for GLSA We released a GLSA for version 1.2.2. Security please draft or vote no. Thx Grant.
1.2.3-r1 is in CVS, rewritten with webapp.eclass. It is ~ on all arches.
And by that I mean ~x86 ~sparc ~amd64 ~ppc, not ALL arches.
Closed with GLSA 200408-25.
And now the bug is also closed:-/
