Trac 0.9.1 and 0.9.2 to fix SQL injection vulnerabilities, 0.9.3 – XSS vulnerabilities
Bug #5297 reported by chastell
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu | Invalid | Medium | Unassigned |
trac (Ubuntu) | Fix Released | High | MOTU |
Hoary | Invalid | Medium | Unassigned |
Breezy | Invalid | Medium | Unassigned |
Bug Description
Debian’s trac changelog:
trac (0.9.3-1) unstable; urgency=high

  * New upstream release.
  * Security update (thus urgency high), fixing:
    - Fixed XSS vulnerabilities.
  * Also, fixes:
    - Timeline RSS feed validity issue resolved.
    - "trac-admin initenv" now handles empty repositories.
    - Textile unicode support.

trac (0.9.2-1) unstable; urgency=high

  * New upstream release.
  * Security update (urgency high), fixing:
    - an SQL injection vulnerability in the search module.
    - broken email ticket notifications.

trac (0.9.1-1) unstable; urgency=HIGH

  * New upstream release
    - Fix a SQL injection security bug.
Changed in trac:
assignee: nobody → motu
Changed in trac:
status: Fix Released → Confirmed
Trac 0.9.2 fixes another SQL injection and has just been packaged in Debian.