| Summary: | net-www/moinmoin-1.2.3 Fixes security issues | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | CC: | web-apps |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| URL: | http://www.securityfocus.com/bid/10805 | ||
| Whiteboard: | B3? [ ebuild ] jaervosz | ||
| Package list: | Runtime testing required: | --- | |
web-apps please bump to latest version. |
From ChangeLog: -ACL security fix for PageEditor, thanks to Dr. Pleger for reporting -There was a bad, old bug that triggered if you did not use ACLs. In that case, moin used some simple (but wrong and incomplete) function to determine what a user (or bot) may do or may not do. The function is now fixed to allow only read and write to anon users, and only delete and revert to known users additionally - and disallow everything else.