
Bug 96572

Summary: www-apps/trac File upload vulnerability
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Other
URL: http://www.hardened-php.net/advisory-012005.php
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen gentoo-dev 2005-06-19 21:32:26 UTC
0.8.4
Fixed file upload vulnerability. Trac could be tricked into uploading files outside the environment directory. All users are recommended to upgrade. Vulnerability found by the Hardened-PHP project.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-06-20 01:06:12 UTC
web-apps: please bump trac to 0.8.4
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-06-21 13:02:01 UTC
0.8.4 in cvs. ppc please test and mark stable.
Comment 3 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-06-21 15:13:34 UTC
Stable on ppc.
Comment 4 Sune Kloppenborg Jeppesen gentoo-dev 2005-06-22 09:48:44 UTC
GLSA 200506-21