trac 0.8-1ubuntu1.1 source package in Ubuntu
Changelog
trac (0.8-1ubuntu1.1) hoary-security; urgency=high
* SECURITY UPDATE: fix arbitrary file upload path
* trac/File.py: Check the attachment id for uploads does not contain
.. in any section, which left unchecked allows the script to
upload a file to any place in the filesystem writable via the webserver
which could lead to arbitrary code execution
* References:
CAN-2005-2147
https://launchpad.net/malone/bugs/1559
http://bugs.debian.org/315145
-- Trent Lloyd <email address hidden> Fri, 16 Sep 2005 19:23:13 +0800
Upload details
- Uploaded by:
- Ubuntu Archive Auto-Sync
- Uploaded to:
- Hoary
- Original maintainer:
- Jesus Climent
- Architectures:
- all
- Section:
- web
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| trac_0.8-1ubuntu1.1.dsc | 656 bytes | 63420b038a235f537ac75c1b9650ba2442c6dff8e7e308216c6245f978f57f1b |
| trac_0.8.orig.tar.gz | 229.4 KiB | c0e9e2fe5f314f440dfd4a03287ae53441a4739540b1b1e27d8d0cc97a4da8bf |
| trac_0.8-1ubuntu1.1.diff.gz | 4.2 KiB | 2120f5b055c8e39eecfce996c454ae6c81789e1640ced78f31ab4212458c2d95 |
No changes file available.
Binary packages built by this source
- trac: No summary available for trac in ubuntu hoary.
No description available for trac in ubuntu hoary.
