[Pkg-trac-devel] trac oldstable update for CVE-2008-5646 CVE-2008-5647
Luis Matos
gass at otiliamatos.ath.cx
Tue Jun 9 17:32:49 UTC 2009
Hello!
I think they don't apply to oldstable.
If you check SecurityFocus, the 0.10.x series doesn't come up there.
Please advise if you think otherwise.
Sat, 2009-06-06 at 19:16 +0200, Giuseppe Iuculano wrote:
> Hi,
>
> the following CVE (Common Vulnerabilities & Exposures) ids were
> published for trac some time ago.
>
> CVE-2008-5646[0]:
> | Unspecified vulnerability in Trac before 0.11.2 allows attackers to
> | cause a denial of service via unknown attack vectors related to
> | "certain wiki markup."
>
> CVE-2008-5647[1]:
> | Unspecified vulnerability in the HTML sanitizer filter in Trac before
> | 0.11.2 allows attackers to conduct phishing attacks via unknown attack
> | vectors.
>
>
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian oldstable. It does
> not warrant a DSA.
>
> However it would be nice if this could get fixed via a regular point update[2].
> Please contact the release team for this.
>
> This is an automatically generated mail, in case you are already working on an
> upgrade this is of course pointless.
>
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5646
> http://security-tracker.debian.net/tracker/CVE-2008-5646
> [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5647
> http://security-tracker.debian.net/tracker/CVE-2008-5647
> [2] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable
>
> Kind regards
> Giuseppe.
>
>
> _______________________________________________
> Pkg-trac-devel mailing list
> Pkg-trac-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-trac-devel