Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2005-2147

Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.

Related bugs and status

CVE-2005-2147 (Candidate) is related to these bugs:

Bug #1559: Trac 0.8 has known security holes; please rebuild 0.8.4

		In	Importance	Status
1559	Trac 0.8 has known security holes; please rebuild 0.8.4	trac (Ubuntu)	Medium	Fix Released
1559	Trac 0.8 has known security holes; please rebuild 0.8.4	trac (Ubuntu Breezy)	Medium	Fix Released
1559	Trac 0.8 has known security holes; please rebuild 0.8.4	trac (Ubuntu Hoary)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.hardened-ph...
DEBIAN: DSA-739
BID: 13990
SECUNIA: 15752