"Fixed a security hole that allowed any user to view the configuration of any module, even those that they should not have access to. Fixed a security hole that could allow an attacker to lock valid users by sending a bogus username or password."
Reproducible: Always
Steps to Reproduce:
eradicator: please bump webmin to 1.150...
ack... I just got email up, so I didn't notice this until now... I don't have a system to test this on at the moment and I won't for a few days still... I will make the ebuild as best I can and put it in package.mask, but someone else needs to test it for me (I don't have any working gentoo system at the moment 'cause I'm migrating from x86 to amd64 on my servers).
ok... actually I was able to test out the ebuild... I forgot webmin doesn't require apache... I've marked it stable on x86 and amd64. ppc and sparc need to mark it stable before GLSA can be released. hppa and s390 should test it as well, but AFAIK these are not tier1 archs that block a GLSA.
Stable on sparc.
Stable ppc
Ready for a GLSA. hppa, ia64: don't forget to mark stable when you can.
GLSA drafted: security please review. Also if possible remove old vulnerable ebuilds.
glsa 200406-12
Stable on hppa.