Bug 231729 (CVE-2007-1406)

Summary: trac < 0.10.3.1 XSS
Product: [Fedora] Fedora Reporter: Ville Skyttä <ville.skytta>
Component: tracAssignee: Jeffrey C. Ollie <jeff>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 6CC: fedora-security-list, gwync
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-03-11 13:40:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ville Skyttä 2007-03-10 21:42:59 UTC
http://secunia.com/advisories/24470
http://trac.edgewall.org/wiki/ChangeLog#a0.10.3.1

"The vulnerability is caused due to an error within the "download wiki page as
text" function, which can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site. Successful
exploitation may require that the victim uses IE."

Based on version numbers, all FE5+ releases affected.
(No CVE id yet AFAIK)

Comment 1 Jeffrey C. Ollie 2007-03-11 13:40:16 UTC
I've updated trac in CVS to 0.10.3.1 and submitted builds, but the packages
haven't been pushed out to the mirrors yet.