Giuseppe Iuculano
2008-Nov-10 13:47 UTC
[Secure-testing-team] Bug#505197: SA32652: Trac Multiple Vulnerabilities
Package: trac
Severity: serious
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for trac.

SA32652[1]
> Description:
> Some vulnerabilities have been reported in Trac, which can be
> exploited by malicious people to cause a DoS (Denial of Service) or to
> conduct phishing attacks.
>
> 1) An unspecified error in the HTML sanitiser filter can be exploited
> to conduct phishing attacks.
>
> 2) An unspecified error when processing wiki markup can be exploited
> to cause a DoS.
>
> The vulnerabilities are reported in versions prior to 0.11.2.
>
> Solution:
> Update to version 0.11.2.
>
> Provided and/or discovered by:
> The vendor credits:
> 1) Simon Willison
> 2) Matt Murphy
>
> Original Advisory:
> http://trac.edgewall.org/wiki/ChangeLog

If you fix the vulnerability please also make sure to include the SA id (or the CVE id when one is assigned) in the changelog entry.

[1] http://secunia.com/advisories/32652/