Your message dated Tue, 18 Nov 2008 00:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#505197: fixed in trac 0.11.1-2.1
has caused the Debian Bug report #505197,
regarding SA32652: Trac Multiple Vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
505197: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505197
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: trac
Severity: serious
Tags: security
Hi,
The following SA (Secunia Advisory) id was published for trac.
SA32652[1]
> Description:
> Some vulnerabilities have been reported in Trac, which can be
> exploited by malicious people to cause a DoS (Denial of Service) or to
> conduct phishing attacks.
>
> 1) An unspecified error in the HTML sanitiser filter can be exploited
> to conduct phishing attacks.
>
> 2) An unspecified error when processing wiki markup can be exploited
> to cause a DoS.
>
> The vulnerabilities are reported in versions prior to 0.11.2.
>
> Solution:
> Update to version 0.11.2.
>
> Provided and/or discovered by:
> The vendor credits:
> 1) Simon Willison
> 2) Matt Murphy
>
> Original Advisory:
> http://trac.edgewall.org/wiki/ChangeLog
If you fix the vulnerability please also make sure to include the SA id
(or the CVE id when one is assigned) in the changelog entry.
[1] http://secunia.com/advisories/32652/
--- End Message ---
--- Begin Message ---
Source: trac
Source-Version: 0.11.1-2.1
We believe that the bug you reported is fixed in the latest version of
trac, which is due to be installed in the Debian FTP archive:
trac_0.11.1-2.1.diff.gz
to pool/main/t/trac/trac_0.11.1-2.1.diff.gz
trac_0.11.1-2.1.dsc
to pool/main/t/trac/trac_0.11.1-2.1.dsc
trac_0.11.1-2.1_all.deb
to pool/main/t/trac/trac_0.11.1-2.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <[EMAIL PROTECTED]> (supplier of updated trac package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
Format: 1.8
Date: Sun, 16 Nov 2008 18:34:25 +0100
Source: trac
Binary: trac
Architecture: source all
Version: 0.11.1-2.1
Distribution: unstable
Urgency: high
Maintainer: Debian Trac Team <[EMAIL PROTECTED]>
Changed-By: Giuseppe Iuculano <[EMAIL PROTECTED]>
Description:
trac - Enhanced wiki and issue tracking system for software development
Closes: 505197
Changes:
trac (0.11.1-2.1) unstable; urgency=high
.
* Non-maintainer upload.
* Fix Trac Multiple Vulnerabilities (SA32652) (Closes: #505197)
--- End Message ---