Debian Bug report logs -
#344006
CVE-2005-4305: XSS vulnerability
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 19 Dec 2005 12:18:02 UTC
Severity: important
Tags: security
Done: Otavio Salvador <otavio@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Jesus Climent <jesus.climent@hispalinux.es>:
Bug#344006; Package trac.
(full text, mbox, link).
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Jesus Climent <jesus.climent@hispalinux.es>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: trac
Severity: important
Tags: security
Another XSS vulnerability has been reported for Trac. Details
are sparse, the only reference I could find so far is
http://www.frsirt.com/english/advisories/2005/2936
This has been assigned CVE-2005-4305, please mention it in the
changelog when fixing this.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-1-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Information forwarded to debian-bugs-dist@lists.debian.org, Jesus Climent <jesus.climent@hispalinux.es>:
Bug#344006; Package trac.
(full text, mbox, link).
Acknowledgement sent to Daniel Serodio <debbugs.*.dserodio@neverbox.com>:
Extra info received and forwarded to list. Copy sent to Jesus Climent <jesus.climent@hispalinux.es>.
(full text, mbox, link).
Message #10 received at 344006@bugs.debian.org (full text, mbox, reply):
Trac 0.9.3 is out and fixes this vulnerability.
http://ftp.edgewall.com/pub/trac/trac-0.9.3.tar.gz
http://projects.edgewall.com/trac/wiki/ChangeLog
Thanks,
Daniel Serodio
Reply sent to Otavio Salvador <otavio@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #15 received at 344006-done@bugs.debian.org (full text, mbox, reply):
This version is hold on incoming and should hit unstable today.
--
O T A V I O S A L V A D O R
---------------------------------------------
E-mail: otavio@debian.org UIN: 5906116
GNU/Linux User: 239058 GPG ID: 49A5F855
Home Page: http://www.freedom.ind.br/otavio
---------------------------------------------
"Microsoft gives you Windows ... Linux gives
you the whole house."
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 17 Jun 2007 11:58:18 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:32:39 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon