updated version of trac?

Jimmy G. Devenport jimmyd at lanl.gov
Thu Jul 31 16:33:39 UTC 2008


Hello EPEL-DEVEL-LIST,

I don't know if this has been brought up on this list yet... I didn't 
see it in the archives for July '08. I am wondering when there will be a 
later version of trac (0.10.5 or later) in the EPEL repositories.

Thank you.

Jimmy Devenport
Los Alamos National Lab

*Vulnerability : Trac quickjump Cross-Site Redirection - Medium 
(http://trac.edgewall.org/wiki/ChangeLoga0.10.5) [Nessus]*
*Description : *
The remote host is running Trac, an enhanced wiki and issue tracking 
system for software development projects.

The version of Trac installed on the remote host fails to sanitize user 
input to the q parameter of the search script before using it in an 
unfiltered and unmanaged fashion in a redirect. An attacker may be able 
to use an open redirect such as this to trick people into visiting 
malicious sites, which could lead to phishing attacks, browser exploits, 
or drive-by malware downloads.

*Fix : *
Upgrade to Trac version 0.11.0 / 0.10.5 or later.
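
An added illustration of the open-redirect class described in the Nessus text above (not part of the original message and not Trac's own code): a naive handler that redirects to any link-like q value, beside a check that only allows same-origin paths. The base URL, function names and sample values are assumptions constructed for this example.

```python
from urllib.parse import urljoin, urlsplit

# Assumption: the deployment's public base URL (constructed placeholder).
BASE_URL = "https://trac.example.org/project/"


def naive_redirect_target(q):
    """Unsafe pattern: any q that looks like a link becomes the Location."""
    if q.startswith("/") or "://" in q:
        return q
    return None  # fall through to a normal full-text search


def safe_redirect_target(q, base_url=BASE_URL):
    """Return an absolute same-origin URL for q, or None to skip the redirect."""
    # Reject control characters (header splitting) and backslashes, which
    # some browsers treat as "/" and so turn "/\host" into "//host".
    if any(ord(c) < 0x20 or c == "\x7f" for c in q) or "\\" in q:
        return None
    if not q.startswith("/") or q.startswith("//"):
        return None  # only site-local absolute paths are eligible
    base = urlsplit(base_url)
    target = urlsplit(urljoin(base_url, q))
    # Re-check after resolution: scheme and host:port must be unchanged.
    if (target.scheme, target.netloc) != (base.scheme, base.netloc):
        return None
    return target.geturl()


# Constructed sample values for the q parameter.
SAMPLES = [
    "/wiki/TracGuide",
    "http://evil.example/login",
    "//evil.example/login",
    "/\\evil.example/login",
    "https://trac.example.org@evil.example/",
    "/ticket/1\r\nSet-Cookie: x=1",
    "open redirect",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(repr(q), "naive:", naive_redirect_target(q),
              "safe:", safe_redirect_target(q))
```

When the safe function returns None, the request is handled as an ordinary search instead of a redirect.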



