From ${URL} : Security issues were discovered in the passwordauth plugin's use of CGI::FormBuilder, involving API design issues similar to those that led to CVE-2014-1572. Impact: * An attacker who can log in to a site with a password can log in as a different and potentially more privileged user. * An attacker who can create a new account can set arbitrary fields in the user database for that account. Sites that enable the CGI script (cgi_wrapper) and do not disable the simple password authentication plugin (passwordauth, enabled by default) are affected. References: http://seclists.org/oss-sec/2017/q1/67 https://ikiwiki.info/security/#cve-2017-0356 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
please stabilize 3.20170111
An automated check of this bug failed - repoman reported dependency errors (21 lines truncated): > dependency.bad www-apps/ikiwiki/ikiwiki-3.20170111.ebuild: DEPEND: x86(default/linux/x86/13.0) ['dev-perl/Text-Markdown', 'dev-perl/YAML-LibYAML', 'dev-perl/Net-OpenID-Consumer', 'dev-perl/XML-Feed'] > dependency.bad www-apps/ikiwiki/ikiwiki-3.20170111.ebuild: RDEPEND: x86(default/linux/x86/13.0) ['dev-perl/Text-Markdown', 'dev-perl/YAML-LibYAML', '>=dev-perl/CGI-FormBuilder-3.0202', 'dev-perl/XML-Feed', 'dev-perl/LWPx-ParanoidAgent', 'dev-perl/Net-OpenID-Consumer'] > dependency.bad www-apps/ikiwiki/ikiwiki-3.20170111.ebuild: DEPEND: x86(default/linux/x86/13.0/desktop) ['dev-perl/Text-Markdown', 'dev-perl/YAML-LibYAML', 'dev-perl/Net-OpenID-Consumer', 'dev-perl/XML-Feed']
version 3.20170111 released cleaned other versions
alice, do you want x86 stabilized still?
amd64 is stable and tree has been cleaned by maintainer. @maintainer, if you want x86 stabilized please open a separate stable bug. GLSA Vote: No