I think this is the changeset: http://trac.edgewall.org/changeset/7658/branches/0.11-stable

I'll get into this to upload a new package.

On 11/10/2008, "Giuseppe Iuculano" <[EMAIL PROTECTED]> wrote:

>Package: trac
>Severity: serious
>Tags: security
>
>Hi,
>
>The following SA (Secunia Advisory) id was published for trac.
>
>SA32652[1]
>
>> Description:
>> Some vulnerabilities have been reported in Trac, which can be
>> exploited by malicious people to cause a DoS (Denial of Service) or to
>> conduct phishing attacks.
>>
>> 1) An unspecified error in the HTML sanitiser filter can be exploited
>> to conduct phishing attacks.
>>
>> 2) An unspecified error when processing wiki markup can be exploited
>> to cause a DoS.
>>
>> The vulnerabilities are reported in versions prior to 0.11.2.
>>
>> Solution:
>> Update to version 0.11.2.
>>
>> Provided and/or discovered by:
>> The vendor credits:
>> 1) Simon Willison
>> 2) Matt Murphy
>>
>> Original Advisory:
>> http://trac.edgewall.org/wiki/ChangeLog
>
>If you fix the vulnerability please also make sure to include the SA id
>(or the CVE id when one is assigned) in the changelog entry.
>
>[1] http://secunia.com/advisories/32652/