Recent Features
| |||||||||||||
Debian alert DSA-1152-1 (trac)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1152-1 security@debian.org http://www.debian.org/security/ Martin Schulze August 18th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : trac Vulnerability : missing input sanitising Problem type : remote Debian-specific: no CVE ID : CVE-2006-3695 Felix Wiemann discovered that trac, an enhanced Wiki and issue tracking system for software development projects, can be used to disclose arbitrary local files. To fix this problem, python-docutils needs to be updated as well. For the stable distribution (sarge) this problem has been fixed in version 0.8.1-3sarge5 of trac and version 0.3.7-2sarge1 of python-docutils. For the unstable distribution (sid) this problem has been fixed in version 0.9.6-1. We recommend that you upgrade your trac and python-docutils packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/p/python-doc... Size/MD5 checksum: 777 34aa13e1031f1aa26b9dee81a589c5ea http://security.debian.org/pool/updates/main/p/python-doc... Size/MD5 checksum: 30438 52144273352f410be37bcedf90241a54 http://security.debian.org/pool/updates/main/p/python-doc... Size/MD5 checksum: 679649 e0713c07d766cec04b7a36047dac558c http://security.debian.org/pool/updates/main/t/trac/trac_... Size/MD5 checksum: 656 9294e113a8875efb049442aac4a0f378 http://security.debian.org/pool/updates/main/t/trac/trac_... Size/MD5 checksum: 13250 e00671c1f4203a5c93fba3f686a7dc1b http://security.debian.org/pool/updates/main/t/trac/trac_... Size/MD5 checksum: 236791 1b6c44fae90c760074762b73cdc88c8d Architecture independent components: http://security.debian.org/pool/updates/main/p/python-doc... Size/MD5 checksum: 614676 859beee07adfd84da242a5c47f1209fe http://security.debian.org/pool/updates/main/p/python-doc... Size/MD5 checksum: 9942 3547f270109d5827073ba964f32863b8 http://security.debian.org/pool/updates/main/p/python-doc... Size/MD5 checksum: 21000 8e265bcf42aa1a01c694bacc62010692 http://security.debian.org/pool/updates/main/p/python-doc... Size/MD5 checksum: 9616 0a2c510802b0f97fc0289e1b968e3da1 http://security.debian.org/pool/updates/main/p/python-doc... Size/MD5 checksum: 4120 2ffb02ad0c4f8640a85f61182cd2a4d5 http://security.debian.org/pool/updates/main/p/python-doc... Size/MD5 checksum: 9614 d4f027f3eb69b465518ecc332fd1a0b6 http://security.debian.org/pool/updates/main/p/python-doc... Size/MD5 checksum: 4096 2824761a0ee91eee5bd6b09046962f01 http://security.debian.org/pool/updates/main/p/python-doc... Size/MD5 checksum: 4096 101eff5703e7627f83e2548ba0c9f1cb http://security.debian.org/pool/updates/main/t/trac/trac_... Size/MD5 checksum: 198722 243326446e719c452efdda55bd976159 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE5YYgW5ql+IAeqTIRAoYTAJ9gSb3/x841JW8r2BD+t70N+mIIgwCgmnLP bn0JOQ+noKe90oOHXeiILFE= =0yxZ -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org (Log in to post comments)
|
|||||||||||||