[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Backports-security-announce] Security Update for trac

Jan Wagner uploaded a new package for trac which fixed the following
security problem:

Some vulnerabilities have been reported in Trac, which can be exploited by 
malicious people to cause a DoS (Denial of Service) or to conduct phishing 

1) An unspecified error in the HTML sanitiser filter can be exploited to 
conduct phishing attacks.
2) An unspecified error when processing wiki markup can be exploited to cause 
a DoS.

For the etch-backports distribution the problem has been fixed in
version 0.11.1-2.1~bpo40+1. 

For the lenny distribution the problem will be fixed soon in
version 0.11.1-2.1.

For the sid distribution the problem has been fixed in
version 0.11.1-2.1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update trac 
manually via "apt-get -t etch-backports install trac".
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:

Package: *
Pin: release a=etch-backports
Pin-Priority: 200

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: