[Pkg-trac-devel] Bug#505197: Bug#505197: SA32652: Trac Multiple Vulnerabilities

gass at otiliamatos.ath.cx gass at otiliamatos.ath.cx
Tue Nov 11 00:01:56 UTC 2008


I think this is the changeset
http://trac.edgewall.org/changeset/7658/branches/0.11-stable
I'll get into this to upload a new package.

On 11/10/2008, "Giuseppe Iuculano" <giuseppe at iuculano.it> wrote:

>Package: trac
>Severity: serious
>Tags: security
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>Hi,
>
>The following SA (Secunia Advisory) id was published for trac.
>
>SA32652[1]
>
>> Description:
>> Some vulnerabilities have been reported in Trac, which can be
>> exploited by malicious people to cause a DoS (Denial of Service) or to
>> conduct phishing attacks.
>>
>> 1) An unspecified error in the HTML sanitiser filter can be exploited
>> to conduct phishing attacks.
>>
>> 2) An unspecified error when processing wiki markup can be exploited
>> to cause a DoS.
>>
>> The vulnerabilities are reported in versions prior to 0.11.2.
>>
>> Solution:
>> Update to version 0.11.2.
>>
>> Provided and/or discovered by:
>> The vendor credits:
>> 1) Simon Willison
>> 2) Matt Murphy
>>
>> Original Advisory:
>> http://trac.edgewall.org/wiki/ChangeLog
>
>
>If you fix the vulnerability please also make sure to include the SA id
>(or the CVE id when one is assigned) in the changelog entry.
>
>[1]http://secunia.com/advisories/32652/
>
>
>
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.9 (GNU/Linux)
>
>iEYEARECAAYFAkkYO2EACgkQNxpp46476aoYHwCeL34/Pp6GuUkI9n/r4DgVWqAU
>u30AniHJcJLaEhBn65PouA02PupLmC9W
>=Seda
>-----END PGP SIGNATURE-----