Subject: pkg/32507: www/trac 0.9.2 have XSS vulnerabilities, should update.
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <obata@lins.jp>
List: pkgsrc-bugs
Date: 01/12/2006 13:20:01
>Number: 32507
>Category: pkg
>Synopsis: www/trac 0.9.2 have XSS vulnerabilities, should update.
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: pkg-manager
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Thu Jan 12 13:20:00 +0000 2006
>Originator: OBATA Akio
>Release: NetBSD 3.0.0_STABLE
>Organization:
LINS, Japan.
>Environment:
System: NetBSD miki.lins.jp 3.0.0_STABLE NetBSD 3.0.0_STABLE (MIKI) #8: Wed Jan 11 02:28:09 JST 2006 root@:/usr/src/sys/arch/i386/compile/MIKI i386
Architecture: i386
Machine: i386
>Description:
Trac 0.9.2 has XSS vulnerabilities.
Here is a ChangeLog from 0.9.2 to 0.9.3
======================================================================
Trac 0.9.3 (Jan 8, 2006)
http://svn.edgewall.com/repos/trac/tags/trac-0.9.3
* Fixed XSS vulnerabilities.
* Timeline RSS feed validity issue resolved.
* "trac-admin initenv" now handles empty repositories.
* Textile unicode support.
* Fixed bugs: #1158, #2290, #2337, #2416, #2440, #2468, #2473, #2484,
#2490, #2493, #2512, #2517, #2519, #2527, #2548, #2558, #2558
>How-To-Repeat:
N/A
>Fix:
Here is a patch to update from 0.9.2 to 0.9.3.
Index: Makefile
===================================================================
RCS file: /home/cvsroot/NetBSD/pkgsrc/www/trac/Makefile,v
retrieving revision 1.15
diff -u -r1.15 Makefile
--- Makefile 17 Dec 2005 17:06:18 -0000 1.15
+++ Makefile 12 Jan 2006 12:46:38 -0000
@@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.15 2005/12/17 17:06:18 wiz Exp $
#
-DISTNAME= trac-0.9.2
+DISTNAME= trac-0.9.3
CATEGORIES= devel www
MASTER_SITES= http://ftp.edgewall.com/pub/trac/ \
ftp://ftp.edgewall.com/pub/trac/
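Review bot: The DISTNAME line is the only change here, and the hunk covers just the top of the Makefile, so check whether a PKGREVISION is set further down; if one is, it should be dropped as part of the bump to trac-0.9.3. Because the 0.9.3 ChangeLog quoted in the report lists "Fixed XSS vulnerabilities", the commit message should state that this is a security update so that users still on 0.9.2 can tell the upgrade is not optional.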
Index: distinfo
===================================================================
RCS file: /home/cvsroot/NetBSD/pkgsrc/www/trac/distinfo,v
retrieving revision 1.12
diff -u -r1.12 distinfo
--- distinfo 17 Dec 2005 16:56:13 -0000 1.12
+++ distinfo 12 Jan 2006 12:56:41 -0000
@@ -1,6 +1,6 @@
$NetBSD: distinfo,v 1.12 2005/12/17 16:56:13 wiz Exp $
-SHA1 (trac-0.9.2.tar.gz) = 31d0c4cbc1df9531ecc8ae6ed1698b8e7b9849c4
-RMD160 (trac-0.9.2.tar.gz) = b2bc5407fa53ad44c9f6bc5d33315b0aff0e41ff
-Size (trac-0.9.2.tar.gz) = 332266 bytes
+SHA1 (trac-0.9.3.tar.gz) = 20b18e6a6180869baafa982eede5b1f8889822aa
+RMD160 (trac-0.9.3.tar.gz) = 122cc18b4d20dbf7d6bcb09e28d8f179f66d885d
+Size (trac-0.9.3.tar.gz) = 337714 bytes
SHA1 (patch-aa) = 5d8c1c3e5416e73d6cc24a5a45d4ec7afdc4a095
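Review bot: The context line "SHA1 (patch-aa) = 5d8c1c3e5416e73d6cc24a5a45d4ec7afdc4a095" is unchanged, so patch-aa is carried over as is; confirm that it still applies cleanly to the 0.9.3 sources. The new SHA1, RMD160 and Size values for trac-0.9.3.tar.gz cannot be checked from the patch alone, and the MASTER_SITES shown in the Makefile hunk are plain http and ftp, so the committer should regenerate them from a freshly fetched tarball and compare against any checksum upstream publishes before committing.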