Bug 542394 (CVE-2009-4405)
Summary: | trac: please update to the latest stable version (0.11.4 -> 0.11.6) | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jose Pedro Oliveira <jose.p.oliveira.oss> |
Component: | trac | Assignee: | Gwyn Ciesla <gwync> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | dcantrell, fschwarz, gwync, vdanen |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | 0.11.6-1.fc11 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-01-12 23:33:10 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jose Pedro Oliveira
2009-11-29 16:20:21 UTC
Jon, Jesse: Ok, if I go ahead and update the package? Well, I'm not sure where Jesse is in his work on this, so I'm hesitant to say yes at this point. Jesse? Feel free to get this update out into rawhide and updates-testing where appropriate. I can rebase my work forward. Ok. Felix, if you've got this ready, feel free, otherwise I can do it. Ping! Felix: does you offer still stands? trac-0.11.6-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/trac-0.11.6-1.fc12 trac-0.11.6-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update trac'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12975 trac-0.11.6-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. Common Vulnerabilities and Exposures assigned an identifier CVE-2009-4405 to the following vulnerability: Name: CVE-2009-4405 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4405 Assigned: 20091223 Reference: MISC: https://bugzilla.redhat.com/show_bug.cgi?id=542394 Reference: CONFIRM: http://trac.edgewall.org/browser/tags/trac-0.11.6/RELEASE Reference: FEDORA:FEDORA-2009-12975 Reference: URL: https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01169.html Reference: SECUNIA:37807 Reference: URL: http://secunia.com/advisories/37807 Reference: SECUNIA:37901 Reference: URL: http://secunia.com/advisories/37901 Reference: VUPEN:ADV-2009-3615 Reference: URL: http://www.vupen.com/english/advisories/2009/3615 Reference: XF:trac-alternate-security-bypass(54983) Reference: URL: http://xforce.iss.net/xforce/xfdb/54983 Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils < 0.6." Fedora 11 still requires this fix as it is providing 0.11.4. I'm aware of the F11 problem and will fix it tomorrow. trac-0.11.6-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/trac-0.11.6-1.fc11 trac-0.11.6-1.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update trac'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2010-0007 trac-0.11.6-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. |