Package: trac
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for trac.

CVE-2008-5647[0]:
| Unspecified vulnerability in the HTML sanitizer filter in Trac before
| 0.11.2 allows attackers to conduct phishing attacks via unknown attack
| vectors.

CVE-2008-5646[1]:
| Unspecified vulnerability in Trac before 0.11.2 allows attackers to
| cause a denial of service via unknown attack vectors related to
| "certain wiki markup."

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

The CVE ids are not that helpful. You can find an upstream 
patch for the first issue on:
http://trac.edgewall.org/changeset/7658/branches/0.11-stable 
and for the second issue on:
http://trac.edgewall.org/changeset/7657/branches/0.11-stable

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5647
    http://security-tracker.debian.net/tracker/CVE-2008-5647
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5646
    http://security-tracker.debian.net/tracker/CVE-2008-5646

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
