pkgsrc-Bugs archive


pkg/32507: www/trac 0.9.2 has XSS vulnerabilities, should update.



>Number:         32507
>Category:       pkg
>Synopsis:       www/trac 0.9.2 has XSS vulnerabilities, should update.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 12 13:20:00 +0000 2006
>Originator:     OBATA Akio
>Release:        NetBSD 3.0.0_STABLE
>Organization:
        LINS, Japan.
>Environment:
System: NetBSD miki.lins.jp 3.0.0_STABLE NetBSD 3.0.0_STABLE (MIKI) #8: Wed Jan 11 02:28:09 JST 2006 root@:/usr/src/sys/arch/i386/compile/MIKI i386
Architecture: i386
Machine: i386
>Description:
        Trac 0.9.2 has XSS vulnerabilities.

        Here is a ChangeLog from 0.9.2 to 0.9.3

        ======================================================================
        Trac 0.9.3 (Jan 8, 2006)
        http://svn.edgewall.com/repos/trac/tags/trac-0.9.3

         * Fixed XSS vulnerabilities.
         * Timeline RSS feed validity issue resolved.
         * "trac-admin initenv" now handles empty repositories.
         * Textile unicode support.
         * Fixed bugs: #1158, #2290, #2337, #2416, #2440, #2468, #2473, #2484,
           #2490, #2493, #2512, #2517, #2519, #2527, #2548, #2558, #2558 

>How-To-Repeat:
        N/A
>Fix:
        Here is a patch to update from 0.9.2 to 0.9.3.

Index: Makefile
===================================================================
RCS file: /home/cvsroot/NetBSD/pkgsrc/www/trac/Makefile,v
retrieving revision 1.15
diff -u -r1.15 Makefile
--- Makefile    17 Dec 2005 17:06:18 -0000      1.15
+++ Makefile    12 Jan 2006 12:46:38 -0000
@@ -1,7 +1,7 @@
 # $NetBSD: Makefile,v 1.15 2005/12/17 17:06:18 wiz Exp $
 #
 
-DISTNAME=      trac-0.9.2
+DISTNAME=      trac-0.9.3
 CATEGORIES=    devel www
 MASTER_SITES=  http://ftp.edgewall.com/pub/trac/ \
                ftp://ftp.edgewall.com/pub/trac/
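
Review bot: the DISTNAME bump to trac-0.9.3 is a security update, but nothing in this Makefile hunk records that; the commit message should cite the upstream ChangeLog entry "Fixed XSS vulnerabilities" so the change can be matched to a vulnerability entry and considered for pullup to the stable branch. The MASTER_SITES context lines are plain http and ftp, so the integrity of the new distfile rests entirely on the distinfo checksums.
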
Index: distinfo
===================================================================
RCS file: /home/cvsroot/NetBSD/pkgsrc/www/trac/distinfo,v
retrieving revision 1.12
diff -u -r1.12 distinfo
--- distinfo    17 Dec 2005 16:56:13 -0000      1.12
+++ distinfo    12 Jan 2006 12:56:41 -0000
@@ -1,6 +1,6 @@
 $NetBSD: distinfo,v 1.12 2005/12/17 16:56:13 wiz Exp $
 
-SHA1 (trac-0.9.2.tar.gz) = 31d0c4cbc1df9531ecc8ae6ed1698b8e7b9849c4
-RMD160 (trac-0.9.2.tar.gz) = b2bc5407fa53ad44c9f6bc5d33315b0aff0e41ff
-Size (trac-0.9.2.tar.gz) = 332266 bytes
+SHA1 (trac-0.9.3.tar.gz) = 20b18e6a6180869baafa982eede5b1f8889822aa
+RMD160 (trac-0.9.3.tar.gz) = 122cc18b4d20dbf7d6bcb09e28d8f179f66d885d
+Size (trac-0.9.3.tar.gz) = 337714 bytes
 SHA1 (patch-aa) = 5d8c1c3e5416e73d6cc24a5a45d4ec7afdc4a095
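
Review bot: the SHA1, RMD160 and Size values for trac-0.9.3.tar.gz should be regenerated by the committer from a freshly fetched distfile (make makesum) and compared with these, rather than copied from the report, since they are the only integrity check on a tarball fetched over http or ftp. The unchanged "SHA1 (patch-aa)" context line means the local patch is carried over as is; confirm that patch-aa still applies cleanly to the 0.9.3 sources.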



