FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

trac -- reStructuredText breach of privacy and denial of service vulnerability

Affected packages
ja-trac < 0.9.6
trac < 0.9.6

Details

VuXML ID b0d61f73-0e11-11db-a47b-000c2957fdf1
Discovery 2006-07-06
Entry 2006-07-07
Modified 2010-05-12

The Trac 0.9.6 Release Notes reports:

Fixed reStructuredText breach of privacy and denial of service vulnerability found by Felix Wiemann.

The discovered vulnerability requires docutils to be installed and enabled. Systems that do not have docutils installed or enabled are not vulnerable. As of this version version 0.3.9 or greater of docutils is required for using reStructuredText markup in Trac.

[source]

References

CVE Name CVE-2005-3980
CVE Name CVE-2005-4065
CVE Name CVE-2005-4305
Message http://lists.edgewall.com/archive/trac-announce/2006-July/000013.html
URL http://projects.edgewall.com/trac/wiki/ChangeLog

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.