On Sat, 20 Jun 2009 18:15:16 +0200, Frank Lin PIAT wrote: > I have analyzed the code, and made some test. It seems that there is no > such "ACL vulnerability". Actually it doesn't even seems to be a bug: > The developers seems to have decided to change the behavior of ACLs in > moinmoin:
redhat did issue a security update for this one, so you would think that there is something to this. however, it is possible that they overreacted based on the fact that the commit message says "security." my interpretation is that this fixes some security test cases, but doesn't actually fix a security problem itself. mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
