I don't know if this has been brought up on this list yet... I didn't
see it in the archives for July '08. I am wondering when there will be a
later version of trac (0.10.5 or later) in the EPEL repositories.
Los Alamos National Lab
Vulnerability: Trac quickjump Cross-Site Redirection - Medium
Description:
The remote host is running Trac, an enhanced wiki and issue tracking
system for software development projects.
The version of Trac installed on the remote host fails to sanitize user
input to the q parameter of the search script before using it in an
unfiltered and unmanaged fashion in a redirect. An attacker may be able
to use an open redirect such as this to trick people into visiting
malicious sites, which could lead to phishing attacks, browser exploits,
or drive-by malware downloads.
Fix:
Upgrade to Trac version 0.11.0 / 0.10.5 or later.
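The advisory above describes the classic open-redirect shape: a search "quickjump" feature treats a query that looks like a link as a destination and redirects to it without checking where it points. The following is an added illustration of that pattern and of a same-host check that closes it; it is not Trac's code and is not taken from the scanner output. The host name trac.example.org, the link-detection heuristic and the function names are assumptions made for the example.

```python
"""Open redirect via a search "quickjump" parameter, and a same-host fix.

Illustrative code only (not Trac's source).  A quickjump feature reads the
search string ``q`` and, when it looks like a link, answers with a redirect
to it.  If ``q`` is used verbatim as the Location, a request such as
    /search?q=http://evil.example/
bounces a victim off the trusted host to an attacker-chosen site.
"""
from typing import Optional
from urllib.parse import urljoin, urlsplit

TRUSTED_HOST = "trac.example.org"   # assumed deployment host for the example


def looks_like_link(q: str) -> bool:
    """Assumed quickjump heuristic: absolute URL or site-absolute path."""
    return "://" in q or q.startswith("/") or q.startswith("\\")


def quickjump_target_vulnerable(q: str) -> Optional[str]:
    """Location the vulnerable handler would send, or None for a normal search.

    The value of ``q`` is returned untouched, which is the open redirect.
    """
    return q if looks_like_link(q) else None


def is_local_redirect(target: str, host: str = TRUSTED_HOST) -> bool:
    """True only if ``target`` resolves to an http(s) URL on ``host``."""
    # Browsers treat a backslash like a slash, so "/\evil.example" is really
    # "//evil.example"; normalise before parsing so the check sees what the
    # browser will see.
    target = target.replace("\\", "/")
    # Resolve against the site root so scheme-relative forms ("//evil.example/")
    # become absolute and are compared by host like any other URL.
    resolved = urlsplit(urljoin(f"https://{host}/", target))
    if resolved.scheme not in ("http", "https"):
        return False                       # javascript:, data:, etc.
    # .hostname drops userinfo and port, so "http://trac.example.org@evil.example/"
    # is seen as evil.example, not as the trusted host.
    return resolved.hostname == host.lower()


def quickjump_target_fixed(q: str) -> Optional[str]:
    """Redirect only to destinations that stay on the trusted host."""
    if looks_like_link(q) and is_local_redirect(q):
        return q
    return None                            # fall back to an ordinary search


if __name__ == "__main__":
    # Constructed sample inputs: what an attacker might put in q, and normal use.
    for q in ("http://evil.example/", "//evil.example/", "/\\evil.example/",
              "http://trac.example.org@evil.example/", "/wiki/WikiStart",
              "https://trac.example.org/ticket/1", "WikiStart"):
        print(f"{q!r:45} vulnerable -> {quickjump_target_vulnerable(q)!r:45} "
              f"fixed -> {quickjump_target_fixed(q)!r}")
```

The fix keeps the quickjump behaviour for in-site links while refusing anything that would leave the host; rejecting rather than rewriting off-site targets is the safer default, since a redirect to a host you do not control is rarely what a search feature is meant to do.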