Bug 100081 - upgrade for port www/trac
Summary: upgrade for port www/trac
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Ion-Mihai "IOnut" Tetcu
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-11 12:10 UTC by Adrian Penisoara
Modified: 2006-07-11 14:05 UTC (History)
0 users

See Also:


Attachments
file.diff (159 bytes, patch)
2006-07-11 12:10 UTC, Adrian Penisoara
no flags Details | Diff
file.diff (536 bytes, patch)
2006-07-11 12:10 UTC, Adrian Penisoara
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Adrian Penisoara 2006-07-11 12:10:14 UTC
 Port www/trac, at version 0.9.5, is affected by a security vulnerability
registered in VuXML:

http://www.freebsd.org/ports/portaudit/b0d61f73-0e11-11db-a47b-000c2957fdf1.html

 The Trac project already made available version 0.9.6 which fixes the above
problem -- quoting from http://trac.edgewall.org/wiki/ChangeLog :

0.9.6
   * Fixed reStructuredText breach of privacy and denial of service vulnerability
     found by Felix Wiemann.

Fix: No extensive testing, but I already use it in production at a customer site.

PORTNAME=      trac
-PORTVERSION=   0.9.5
+PORTVERSION=   0.9.6
 CATEGORIES=    www devel python
 MASTER_SITES=  http://ftp.edgewall.com/pub/trac/ \
                ftp://ftp.edgewall.com/pub/trac/
Comment 1 Edwin Groothuis freebsd_committer 2006-07-11 12:10:31 UTC
State Changed
From-To: open->feedback

Awaiting maintainers feedback
Comment 2 Rui Lopes 2006-07-11 12:19:17 UTC
Please apply the patch on this PR ASAP.

Thanks!

Best regards,
Rui Lopes
Comment 3 Ion-Mihai "IOnut" Tetcu freebsd_committer 2006-07-11 12:29:31 UTC
Responsible Changed
From-To: freebsd-ports-bugs->itetcu

Ady, why not from the RoFUG address :) ?
Comment 4 Ion-Mihai "IOnut" Tetcu freebsd_committer 2006-07-11 14:05:40 UTC
State Changed
From-To: feedback->closed

Committed. Thanks!