[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

updated version of trac?



Hello EPEL-DEVEL-LIST,

I don't know if this has been brought up on this list yet... I didn't see it in the archives for July '08. I am wondering when there will be a later version of trac (0.10.5 or later) in the EPEL repositories.

Thank you.

Jimmy Devenport
Los Alamos National Lab

*Vulnerability : Trac quickjump Cross-Site Redirection - Medium <http://trac.edgewall.org/wiki/ChangeLoga0.10.5> (http://trac.edgewall.org/wiki/ChangeLoga0.10.5) [Nessus]*
*Description : *
The remote host is running Trac, an enhanced wiki and issue tracking system for software development projects.

The version of Trac installed on the remote host fails to sanitize user input to the q parameter of the search script before using it in an unfiltered and unmanaged fashion in a redirect. An attacker may be able to use an open redirect such as this to trick people into visiting malicious sites, which could lead to phishing attacks, browser exploits, or drive-by malware downloads.

*Fix : *
Upgrade to Trac version 0.11.0 / 0.10.5 or later.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]