| Summary: | net-www/moinmoin-1.2.2 - major security fixes | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Carsten Lohrke (RETIRED) <carlo> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | web-apps |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | All | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Carsten Lohrke (RETIRED)
2004-06-06 04:02:19 UTC
I'm not seeing the "critical" security fixes. Looks like there have been some tweaks to some ACLs but I didn't see any mention of being able to bypass security in the old version. Are there other links that talk about exactly what was wrong in the old version?

Sorry, I stupidly copied from freshmeat in this case. I don't know why it's announced as a critical fix.

ok -- I'm going to re-assign to web-apps then as this seems more like a regular bump bug than a security problem. If further information emerges that indicates there are important security problems with the previous version, please feel free to kick this back over to security.

I found more info on this particular problem: http://sourceforge.net/tracker/index.php?func=detail&aid=948103&group_id=8482&atid=108482 Sounds like it should have a security fix bump possibly.

Sorry Kurt, you're back in the game. Don't know if I was too blind to find it or just missed the info by a few hours. Thanks Lance! :)

Fix is in 1.2.2, please bump. Target keywords : "x86 sparc ~amd64"

It installs ok with a simple copy of the ebuild to bump it, but it gives a warning about needing to be converted to use webapp.eclass instead of webapp-apache.eclass. I have not actually tested its functionality.

web-apps : please bump, otherwise we'll have to mask the package.

masking.

Tested 1.2.2, works on x86. Leaving arch-masked on sparc and amd64. Unmasked.

Reopening so that a GLSA can be issued.

sparc: please mark net-www/moinmoin-1.2.2 stable.

Stable on sparc :)

GLSA-ready

GLSA drafted : security please review

glsa 200407-09