Bug 96572 - www-apps/trac File upload vulnerability
Summary: www-apps/trac File upload vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Other
Importance: High normal
Assignee: Gentoo Security
URL: http://www.hardened-php.net/advisory-...
Whiteboard: B2 [glsa]
Reported: 2005-06-19 21:32 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-06-22 09:48 UTC (History)
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-19 21:32:26 UTC
0.8.4
Fixed file upload vulnerability. Trac could be tricked into uploading files outside the environment directory. All users are recommended to upgrade. Vulnerability found by the Hardened-PHP project.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-06-20 01:06:12 UTC
web-apps: please bump trac to 0.8.4
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-06-21 13:02:01 UTC
0.8.4 in cvs. ppc please test and mark stable.
Comment 3 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-06-21 15:13:34 UTC
Stable on ppc.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-22 09:48:44 UTC
GLSA 200506-21