Bug 711754 - <www-apps/trac-1.2: Multiple vulnerabilities
Summary: <www-apps/trac-1.2: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://trac.edgewall.org/wiki/TracCh...
Whiteboard: B4 [noglsa]
Keywords:
Depends on: 711838
Blocks:
Reported: 2020-03-06 23:29 UTC by Sam James
Modified: 2020-03-15 01:51 UTC

See Also:
Package list:
www-apps/trac-1.2.5
Runtime testing required: ---
stable-bot: sanity-check+


Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-06 23:29:46 UTC
Description from URL:
"Trac 1.0.14 provides more than 3 dozen bug fixes and minor enhancements. The following are some highlights: 
...
SECURITY: Possible XSS via reStructuredText link.
SECURITY: Injection of password prompt using Image macro or reStructuredText image."
Comment 1 Larry the Git Cow gentoo-dev 2020-03-08 01:31:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=803171e57279ee7b2dd3390eb125f0194ba0b130

commit 803171e57279ee7b2dd3390eb125f0194ba0b130
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-08 01:31:14 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-08 01:31:33 +0000

    www-apps/trac: bump to v1.2.5
    
    Closes: https://bugs.gentoo.org/676924
    Bug: https://bugs.gentoo.org/711754
    Package-Manager: Portage-2.3.91, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-apps/trac/Manifest          |   1 +
 www-apps/trac/trac-1.2.5.ebuild | 114 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 115 insertions(+)
Comment 2 Agostino Sarubbo gentoo-dev 2020-03-08 11:10:59 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2020-03-08 12:35:17 UTC
ppc stable
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-09 01:59:33 UTC
x86 stable
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2020-03-09 06:34:04 UTC
Thank you for stabilization

Maintainer(s), please drop the vulnerable version(s).
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-13 11:32:21 UTC
(noglsa because XSS)
Comment 7 Larry the Git Cow gentoo-dev 2020-03-15 01:51:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=635932643a342629693f0d6e45d0a8171ccbb6fb

commit 635932643a342629693f0d6e45d0a8171ccbb6fb
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-03-15 01:51:06 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-03-15 01:51:19 +0000

    www-apps/trac: security cleanup (bug #711754)
    
    Bug: https://bugs.gentoo.org/711754
    Package-Manager: Portage-2.3.93, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-apps/trac/Manifest             |   2 -
 www-apps/trac/trac-1.0.9-r1.ebuild | 128 -------------------------------------
 www-apps/trac/trac-1.2.1-r1.ebuild | 114 ---------------------------------
 3 files changed, 244 deletions(-)
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-15 01:51:50 UTC
Repository is clean, all done!