pkgsrc-Bugs archive


pkg/32320: www/trac 0.9 has two SQL injection vulnerabilities, should update.



>Number:         32320
>Category:       pkg
>Synopsis:       www/trac 0.9 has two SQL injection vulnerabilities, should update.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Sat Dec 17 03:10:00 +0000 2005
>Originator:     OBATA Akio
>Release:        NetBSD 2.1.0_STABLE
>Organization:
        LINS, Japan.
>Environment:
System: NetBSD miki.lins.jp 2.1.0_STABLE NetBSD 2.1.0_STABLE (MIKI) #5: Thu Nov 3 11:46:27 JST 2005 obata%miki.lins.jp@localhost:/usr/src/sys/arch/i386/compile/MIKI i386
Architecture: i386
Machine: i386
>Description:
        Trac 0.9 has two SQL injection vulnerabilities.

        Here is a ChangeLog from 0.9 to 0.9.2

        ======================================================================
        Trac 0.9.2  (Dec 5, 2005)
        http://svn.edgewall.com/repos/trac/tags/trac-0.9.2

         * Fixed SQL injection vulnerability in ticket search module.
         * Fixed broken ticket email notifications.

        Trac 0.9.1  (Dec 1, 2005)
        http://svn.edgewall.com/repos/trac/tags/trac-0.9.1

         * Fixed SQL injection vulnerability in ticket query module.
         * Fixed bugs: #1633, #2167, #2283, #2284, #2285, #2291, #2292, #2300,
           #2318, #2329, #2366, #2369, #2373, #2383, #2416, #2457
        ======================================================================

        Also, the HTTP master site is down now, so the download failed.
        The FTP master site is available.

>How-To-Repeat:
        N/A
>Fix:
        Here is a patch to update from 0.9 to 0.9.2 and add an FTP master site.

Index: www/trac/Makefile
===================================================================
RCS file: /home/cvsroot/NetBSD/pkgsrc/www/trac/Makefile,v
retrieving revision 1.13
diff -u -r1.13 Makefile
--- www/trac/Makefile   3 Nov 2005 23:04:29 -0000       1.13
+++ www/trac/Makefile   17 Dec 2005 02:42:17 -0000
@@ -1,9 +1,10 @@
 # $NetBSD: Makefile,v 1.13 2005/11/03 23:04:29 epg Exp $
 #
 
-DISTNAME=      trac-0.9
+DISTNAME=      trac-0.9.2
 CATEGORIES=    devel www
-MASTER_SITES=  http://ftp.edgewall.com/pub/trac/
+MASTER_SITES=  http://ftp.edgewall.com/pub/trac/ \
+               ftp://ftp.edgewall.com/pub/trac/
 
 MAINTAINER=    epg%NetBSD.org@localhost
 HOMEPAGE=      http://www.edgewall.com/products/trac/
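
Review bot: MASTER_SITES still lists http://ftp.edgewall.com/pub/trac/ first, and the report says that HTTP site is currently down, so a fetch that tries the sites in the listed order will hit the unreachable host before falling back to the new ftp:// entry. Consider listing ftp://ftp.edgewall.com/pub/trac/ first, or say in the commit message that the order is intentional. Both entries are unauthenticated transports, so the integrity of the 0.9.2 tarball rests entirely on the distinfo checksums.
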
Index: www/trac/distinfo
===================================================================
RCS file: /home/cvsroot/NetBSD/pkgsrc/www/trac/distinfo,v
retrieving revision 1.11
diff -u -r1.11 distinfo
--- www/trac/distinfo   3 Nov 2005 23:04:29 -0000       1.11
+++ www/trac/distinfo   17 Dec 2005 02:42:57 -0000
@@ -1,6 +1,6 @@
 $NetBSD: distinfo,v 1.11 2005/11/03 23:04:29 epg Exp $
 
-SHA1 (trac-0.9.tar.gz) = 61ee8db9d3aba7dd1e63ac4c4c852cf62d013323
-RMD160 (trac-0.9.tar.gz) = 44932caa9d68738b768b2b1de58364fb572eb270
-Size (trac-0.9.tar.gz) = 333250 bytes
+SHA1 (trac-0.9.2.tar.gz) = 31d0c4cbc1df9531ecc8ae6ed1698b8e7b9849c4
+RMD160 (trac-0.9.2.tar.gz) = b2bc5407fa53ad44c9f6bc5d33315b0aff0e41ff
+Size (trac-0.9.2.tar.gz) = 332266 bytes
 SHA1 (patch-aa) = 5d8c1c3e5416e73d6cc24a5a45d4ec7afdc4a095
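
Review bot: the new SHA1 and RMD160 lines for trac-0.9.2.tar.gz should be checked against a hash published by upstream before commit, since the report says the HTTP master site was down and the only working source was plain FTP. The SHA1 (patch-aa) context line is unchanged, so please also confirm that patch-aa still applies cleanly to the 0.9.2 sources.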

>Unformatted:
                pkgsrc-current 2005-12-16


