Patch for CVE-2006-1386

(Portage version: 2.1_pre6-r3)

2 files changed, 23 insertions, 0 deletions

diff --git a/www-apps/twiki/files/CVE-2006-1386.patch b/www-apps/twiki/files/CVE-2006-1386.patch
new file mode 100644
index 000000000000..dff921cd50a5
--- /dev/null
+++ b/www-apps/twiki/files/CVE-2006-1386.patch
@@ -0,0 +1,23 @@
+diff -ur work/lib/TWiki/UI/RDiff.pm work_patched/lib/TWiki/UI/RDiff.pm
+--- work/lib/TWiki/UI/RDiff.pm	2006-02-07 10:08:45.000000000 -0500
++++ work_patched/lib/TWiki/UI/RDiff.pm	2006-03-25 10:55:01.000000000 -0500
+@@ -394,6 +394,7 @@
+ 
+     TWiki::UI::checkWebExists( $session, $webName, $topic, 'diff' );
+     TWiki::UI::checkTopicExists( $session, $webName, $topic, 'diff' );
++    TWiki::UI::checkAccess( $session, $webName, $topic, 'view', $session->{user} );
+ 
+     my $renderStyle = $query->param('render') ||
+       $session->{prefs}->getPreferencesValue( 'DIFFRENDERSTYLE' ) ||
+diff -ur work/lib/TWiki/UI/Save.pm work_patched/lib/TWiki/UI/Save.pm
+--- work/lib/TWiki/UI/Save.pm	2006-02-07 10:08:45.000000000 -0500
++++ work_patched/lib/TWiki/UI/Save.pm	2006-03-25 10:54:19.000000000 -0500
+@@ -104,7 +104,7 @@
+ 
+     if( $topicExists ) {
+         ( $prevMeta, $prevText ) =
+-          $store->readTopic( undef, $webName, $topic, undef );
++          $store->readTopic( $user, $webName, $topic, undef );
+         if( $prevMeta ) {
+             foreach my $k ( keys %$prevMeta ) {
+                 unless( $k =~ /^_/ || $k eq 'FORM' || $k eq 'TOPICPARENT' ||
diff --git a/www-apps/twiki/files/digest-twiki-4.0.1 b/www-apps/twiki/files/digest-twiki-4.0.1-r1
index 18b0503f8fd4..18b0503f8fd4 100644
--- a/www-apps/twiki/files/digest-twiki-4.0.1
+++ b/www-apps/twiki/files/digest-twiki-4.0.1-r1