Description from URL: "Trac 1.0.14 provides more than 3 dozen bug fixes and minor enhancements. The following are some highlights: ... SECURITY: Possible XSS via reStructuredText link. SECURITY: Injection of password prompt using Image macro or reStructuredText image."
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=803171e57279ee7b2dd3390eb125f0194ba0b130 commit 803171e57279ee7b2dd3390eb125f0194ba0b130 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-08 01:31:14 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-08 01:31:33 +0000 www-apps/trac: bump to v1.2.5 Closes: https://bugs.gentoo.org/676924 Bug: https://bugs.gentoo.org/711754 Package-Manager: Portage-2.3.91, Repoman-2.3.20 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> www-apps/trac/Manifest | 1 + www-apps/trac/trac-1.2.5.ebuild | 114 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 115 insertions(+)
amd64 stable
ppc stable
x86 stable
Thank you for stabilization Maintainer(s), please drop the vulnerable version(s).
(noglsa because XSS)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=635932643a342629693f0d6e45d0a8171ccbb6fb commit 635932643a342629693f0d6e45d0a8171ccbb6fb Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-03-15 01:51:06 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-03-15 01:51:19 +0000 www-apps/trac: security cleanup (bug #711754) Bug: https://bugs.gentoo.org/711754 Package-Manager: Portage-2.3.93, Repoman-2.3.20 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> www-apps/trac/Manifest | 2 - www-apps/trac/trac-1.0.9-r1.ebuild | 128 ------------------------------------- www-apps/trac/trac-1.2.1-r1.ebuild | 114 --------------------------------- 3 files changed, 244 deletions(-)
Repository is clean, all done!