Subject: pkg/32507: www/trac 0.9.2 have XSS vulnerabilities, should update.
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <obata@lins.jp>
List: pkgsrc-bugs
Date: 01/12/2006 13:20:01
>Number:         32507
>Category:       pkg
>Synopsis:       www/trac 0.9.2 have XSS vulnerabilities, should update.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 12 13:20:00 +0000 2006
>Originator:     OBATA Akio
>Release:        NetBSD 3.0.0_STABLE
>Organization:
	LINS, Japan.
>Environment:
System: NetBSD miki.lins.jp 3.0.0_STABLE NetBSD 3.0.0_STABLE (MIKI) #8: Wed Jan 11 02:28:09 JST 2006 root@:/usr/src/sys/arch/i386/compile/MIKI i386
Architecture: i386
Machine: i386
>Description:
	Trac 0.9.2 has XSS vulnerabilities.

	Here is the ChangeLog from 0.9.2 to 0.9.3:

	======================================================================
	Trac 0.9.3 (Jan 8, 2006)
	http://svn.edgewall.com/repos/trac/tags/trac-0.9.3

	 * Fixed XSS vulnerabilities.
	 * Timeline RSS feed validity issue resolved.
	 * "trac-admin initenv" now handles empty repositories.
	 * Textile unicode support.
	 * Fixed bugs: #1158, #2290, #2337, #2416, #2440, #2468, #2473, #2484,
	   #2490, #2493, #2512, #2517, #2519, #2527, #2548, #2558, #2558 

>How-To-Repeat:
	N/A
>Fix:
	Here is a patch to update from 0.9.2 to 0.9.3.

Index: Makefile
===================================================================
RCS file: /home/cvsroot/NetBSD/pkgsrc/www/trac/Makefile,v
retrieving revision 1.15
diff -u -r1.15 Makefile
--- Makefile	17 Dec 2005 17:06:18 -0000	1.15
+++ Makefile	12 Jan 2006 12:46:38 -0000
@@ -1,7 +1,7 @@
 # $NetBSD: Makefile,v 1.15 2005/12/17 17:06:18 wiz Exp $
 #
 
-DISTNAME=	trac-0.9.2
+DISTNAME=	trac-0.9.3
 CATEGORIES=	devel www
 MASTER_SITES=	http://ftp.edgewall.com/pub/trac/ \
 		ftp://ftp.edgewall.com/pub/trac/
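
Review bot: The MASTER_SITES context lines under the DISTNAME bump point at plain http:// and ftp:// URLs, so the 0.9.3 tarball is fetched without transport authentication and the distinfo checksums are the only integrity check. The hashes recorded for trac-0.9.3.tar.gz should be compared against a value obtained independently of that download before commit. Since this is a security update, the commit message should also state that 0.9.3 fixes XSS vulnerabilities so the change can be tracked as a security fix.
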
Index: distinfo
===================================================================
RCS file: /home/cvsroot/NetBSD/pkgsrc/www/trac/distinfo,v
retrieving revision 1.12
diff -u -r1.12 distinfo
--- distinfo	17 Dec 2005 16:56:13 -0000	1.12
+++ distinfo	12 Jan 2006 12:56:41 -0000
@@ -1,6 +1,6 @@
 $NetBSD: distinfo,v 1.12 2005/12/17 16:56:13 wiz Exp $
 
-SHA1 (trac-0.9.2.tar.gz) = 31d0c4cbc1df9531ecc8ae6ed1698b8e7b9849c4
-RMD160 (trac-0.9.2.tar.gz) = b2bc5407fa53ad44c9f6bc5d33315b0aff0e41ff
-Size (trac-0.9.2.tar.gz) = 332266 bytes
+SHA1 (trac-0.9.3.tar.gz) = 20b18e6a6180869baafa982eede5b1f8889822aa
+RMD160 (trac-0.9.3.tar.gz) = 122cc18b4d20dbf7d6bcb09e28d8f179f66d885d
+Size (trac-0.9.3.tar.gz) = 337714 bytes
 SHA1 (patch-aa) = 5d8c1c3e5416e73d6cc24a5a45d4ec7afdc4a095
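
Review bot: The trailing context line for `SHA1 (patch-aa)` is unchanged, so patch-aa is carried over as-is while the tarball it applies to moves from 0.9.2 to 0.9.3. Confirm that patch-aa still applies cleanly to the 0.9.3 sources and is still needed, and regenerate its distinfo entry if the patch had to be refreshed.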