Package: trac
Version: 0.8.1-3sarge2
Severity: normal

http://www.securityfocus.com/bid/16198 discusses an XSS vulnerability in trac. It's fixed in 0.9.3, and is discussed in more detail at http://projects.edgewall.com/trac/ticket/2473.
I've tested this against my sarge version 0.8.1-3sarge2 and an IE browser, and it is vulnerable. Unfortunately securityfocus don't have a CVE number up for this yet.

Cheers,
Geoff

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)

Versions of packages trac depends on:
ii  python                2.3.5-2     An interactive high-level object-o
ii  python-clearsilver    0.9.13-3.2  python bindings for clearsilver
ii  python-sqlite         1.0.1-2     python interface to SQLite
ii  python2.3-subversion  1.1.4-2     python modules for interfacing wit
ii  subversion            1.1.4-2     advanced version control system (a

-- no debconf information

