| Summary: | www-apps/moinmoin: Advertising insecure AddHandler directive | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Sebastian Pipping <sping> |
| Component: | Current packages | Assignee: | Gentoo Web Application Packages Maintainers <web-apps> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | normal | CC: | treecleaner |
| Priority: | Normal | Keywords: | PMASKED |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | Pending removal: 2018-12-04 | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 544560 | ||
Hello! File files/postinstall-en-1.9.4.txt used by moinmoin-1.9.7-r1.ebuild currently reads: 1. ExecCGI needs to be enabled in your Moinmoin directory by doing: # echo "Options ExecCGI" > ${MY_INSTALLDIR}/.htaccess # echo "AddHandler cgi-script .cgi" >> ${MY_INSTALLDIR}/.htaccess Since the use of AddHandler is a security threat, I would ask you to change that into a solution based on SetHandler, instead. Please check https://bugs.gentoo.org/show_bug.cgi?id=538822#c3 for an example. Many thanks!