Bug 139467

Summary:	www-apps/trac: 0.9.6 fixes breach of privacy and denial of service vulnerability
Product:	Gentoo Security	Reporter:	Mikhail Markin <gentoobugzilla>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	dju, jaervosz, stuart
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://projects.edgewall.com/trac/wiki/TracDownload
Whiteboard:	B3 [noglsa] Falco
Package list:		Runtime testing required:	---

Description Mikhail Markin 2006-07-06 12:04:11 UTC

Hello. Trac 0.9.6 has been released. This is a security fix release: http://projects.edgewall.com/trac/wiki/TracDownload . Please bump the www-aps/trac ebuild to 0.9.6.

Thanks

Mikhail

Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2006-07-06 15:23:59 UTC

Hi Dju, trac before 0.9.6 contains security vulnerabilities.
Can you provide a new ebuild please ?


http://projects.edgewall.com/trac/wiki/ChangeLog :
    * Fixed reStructuredText breach of privacy and denial of service vulnerability found by Felix Wiemann.
    * trac-post-commit-hook fixes.
    * Fixed bugs: #2894, #3058, #3209 #3325.

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-07-09 14:05:07 UTC

*** Bug 139807 has been marked as a duplicate of this bug. ***

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-07-09 14:05:54 UTC

Arches please test and mark stable.

Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev

2006-07-10 12:19:12 UTC

ppc stable

Comment 5 Raúl Porcel (RETIRED) gentoo-dev

2006-07-12 15:38:44 UTC

Tested on x86. Works without a problem. Should be marked as stable.

Comment 6 Joshua Jackson (RETIRED) gentoo-dev

2006-07-13 11:19:42 UTC

poof x86 is gone ^.^

Comment 7 Mikhail Markin 2006-07-14 09:59:18 UTC

Tested on AMD64. Works fine.

Comment 8 Thierry Carrez (RETIRED) gentoo-dev

2006-08-23 12:06:53 UTC

*** Bug 144872 has been marked as a duplicate of this bug. ***