Trac needs security fixes
Bug #394290 reported by Raul Wegmann
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
trac (Ubuntu) | Fix Released | Low | Unassigned |
Dapper | Won't Fix | Low | Artur Rona |
Hardy | Won't Fix | Low | Artur Rona |
Jaunty | Fix Released | Low | Unassigned |
Karmic | Fix Released | Low | Unassigned |
Bug Description
Binary package hint: trac
From http://
- Fixes a cross-site redirection vulnerability in the quickjump function reported by Russ McRee.
- Fixes a wiki engine XSS vulnerability found by Nathan Collins.
Ubuntu hardy ships version 0.10.4.
Related branches
lp:~ari-tczew/ubuntu/karmic/trac/fix-CVE-2009-4405
Ready for review for merging into lp:ubuntu/karmic/trac
- Jamie Strandboge: Approve
Diff: 103 lines (+84/-0), 3 files modified
- debian/changelog (+12/-0)
- debian/patches/00list (+1/-0)
- debian/patches/21_CVE-2009-4405.dpatch (+71/-0)
lp:~ari-tczew/ubuntu/jaunty/trac/fix-CVE-2009-4405
Ready for review for merging into lp:ubuntu/jaunty/trac
- Marc Deslauriers: Approve
Diff: 152 lines (+98/-5), 5 files modified
- debian/changelog (+17/-0)
- debian/control (+2/-1)
- debian/patches/00list (+1/-0)
- debian/patches/18_CVE-2009-4405.dpatch (+71/-0)
- debian/rules (+7/-4)
summary: | Trac 0.10.5 contains two security fixes → Trac needs security fixes |
Changed in trac (Ubuntu Karmic): | |
status: | New → Confirmed |
Changed in trac (Ubuntu Jaunty): | |
assignee: | nobody → Artur Rona (ari-tczew) |
Changed in trac (Ubuntu Hardy): | |
assignee: | nobody → Artur Rona (ari-tczew) |
Changed in trac (Ubuntu Dapper): | |
assignee: | nobody → Artur Rona (ari-tczew) |
Changed in trac (Ubuntu Jaunty): | |
assignee: | Artur Rona (ari-tczew) → nobody |
status: | Confirmed → New |
Changed in trac (Ubuntu): | |
status: | Confirmed → Fix Released |
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures