[Secure-testing-team] Bug#505197: SA32652: Trac Multiple Vulnerabilities
Giuseppe Iuculano
giuseppe at iuculano.it
Mon Nov 10 13:47:17 UTC 2008
Package: trac
Severity: serious
Tags: security
Hi,
The following SA (Secunia Advisory) id was published for trac.
SA32652[1]
> Description:
> Some vulnerabilities have been reported in Trac, which can be
> exploited by malicious people to cause a DoS (Denial of Service) or to
> conduct phishing attacks.
>
> 1) An unspecified error in the HTML sanitiser filter can be exploited
> to conduct phishing attacks.
>
> 2) An unspecified error when processing wiki markup can be exploited
> to cause a DoS.
>
> The vulnerabilities are reported in versions prior to 0.11.2.
>
> Solution:
> Update to version 0.11.2.
>
> Provided and/or discovered by:
> The vendor credits:
> 1) Simon Willison
> 2) Matt Murphy
>
> Original Advisory:
> http://trac.edgewall.org/wiki/ChangeLog
If you fix the vulnerability please also make sure to include the SA id
(or the CVE id when one is assigned) in the changelog entry.
[1] http://secunia.com/advisories/32652/