Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 544568

Summary: www-apps/moinmoin: Advertising insecure AddHandler directive
Product: Gentoo Linux Reporter: Sebastian Pipping <sping>
Component: Current packagesAssignee: Gentoo Web Application Packages Maintainers <web-apps>
Severity: normal CC: treecleaner
Priority: Normal Keywords: PMASKED
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: Pending removal: 2018-12-04
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 544560    

Description Sebastian Pipping gentoo-dev 2015-03-26 16:03:06 UTC

File files/postinstall-en-1.9.4.txt used by moinmoin-1.9.7-r1.ebuild currently reads:

  1. ExecCGI needs to be enabled in your Moinmoin directory by doing:
  # echo "Options ExecCGI" > ${MY_INSTALLDIR}/.htaccess
  # echo "AddHandler cgi-script .cgi" >> ${MY_INSTALLDIR}/.htaccess

Since the use of AddHandler is a security threat, I would ask you to change that into a solution based on SetHandler, instead.  Please check

for an example.

Many thanks!