2005-12-02 07:38:08 |
chastell |
bug |
|
|
added bug |
2005-12-03 09:56:25 |
Daniel Holbach |
trac: assignee |
|
motu |
|
2005-12-06 06:48:31 |
chastell |
description |
Debian’s trac 0.9.1-1 changelog:
trac (0.9.1-1) unstable; urgency=HIGH
* New upstream release
- Fix a SQL injection security bug.
Unfortunately, Trac’s site seems to be down at the moment. Please investigate the changes and consider backporting the fix to Breezy. |
Debian’s trac changelog:
trac (0.9.2-1) unstable; urgency=high
* New upstream release.
* Security update (urgency high), fixing:
- an SQL injection vulnerability in the search module.
- broken email ticket notifications.
trac (0.9.1-1) unstable; urgency=HIGH
* New upstream release
- Fix a SQL injection security bug.
|
|
2005-12-06 06:48:31 |
chastell |
title |
Trac 0.9.1 to fix a security hole? |
Trac 0.9.2 to fix an SQL injection vulnerability |
|
2005-12-06 06:52:34 |
chastell |
trac: priority |
|
High |
|
2005-12-06 06:52:34 |
chastell |
trac: severity |
Normal |
Major |
|
2005-12-06 06:52:34 |
chastell |
trac: statusexplanation |
|
Trac is quite popular and an SQL injection vulnerability in the search module (which is in most installations cases publicly accessible) sounds important. Please feel free to downgrade the severity and/or priority, if you feel I set it too high. |
|
2005-12-07 17:45:13 |
Daniel Holbach |
None: status |
New |
Rejected |
|
2005-12-07 17:45:13 |
Daniel Holbach |
None: statusexplanation |
|
File a bug for source package, not a distribution please. |
|
2006-01-09 06:28:13 |
chastell |
description |
Debian’s trac changelog:
trac (0.9.2-1) unstable; urgency=high
* New upstream release.
* Security update (urgency high), fixing:
- an SQL injection vulnerability in the search module.
- broken email ticket notifications.
trac (0.9.1-1) unstable; urgency=HIGH
* New upstream release
- Fix a SQL injection security bug.
|
Debian’s trac changelog:
trac (0.9.3-1) unstable; urgency=high
* New upstream release.
* Security update (thus urgengy high), fixing:
- Fixed XSS vulnerabilities.
* Also, fixes:
- Timeline RSS feed validity issue resolved.
- "trac-admin initenv" now handles empty repositories.
- Textile unicode support.
trac (0.9.2-1) unstable; urgency=high
* New upstream release.
* Security update (urgency high), fixing:
- an SQL injection vulnerability in the search module.
- broken email ticket notifications.
trac (0.9.1-1) unstable; urgency=HIGH
* New upstream release
- Fix a SQL injection security bug.
|
|
2006-01-09 06:28:13 |
chastell |
title |
Trac 0.9.2 to fix an SQL injection vulnerability |
Trac 0.9.1 and 0.9.2 to fix SQL injection vulnerabilities, 0.9.3 – XSS vulnerabilities |
|
2006-04-25 22:15:04 |
Dennis Kaarsemaker |
trac: status |
Unconfirmed |
Fix Released |
|
2006-04-25 22:15:04 |
Dennis Kaarsemaker |
trac: statusexplanation |
Trac is quite popular and an SQL injection vulnerability in the search module (which is in most installations cases publicly accessible) sounds important. Please feel free to downgrade the severity and/or priority, if you feel I set it too high. |
|
|
2006-04-25 22:15:39 |
Dennis Kaarsemaker |
trac: status |
Unconfirmed |
Rejected |
|
2006-04-25 22:15:39 |
Dennis Kaarsemaker |
trac: statusexplanation |
|
Hoary uses neither 0.9.1 nor 0.9.2 |
|
2006-04-25 22:15:56 |
Dennis Kaarsemaker |
trac: status |
Unconfirmed |
Rejected |
|
2006-04-25 22:15:56 |
Dennis Kaarsemaker |
trac: statusexplanation |
|
Breezy uses neither 0.9.1 nor 0.9.2 |
|
2006-04-26 09:45:07 |
Dennis Kaarsemaker |
bug |
|
|
added subscriber Martin Pitt |
2006-05-02 12:26:46 |
Dennis Kaarsemaker |
trac: status |
Fix Released |
Confirmed |
|
2006-10-22 13:53:00 |
Reinhard Tartler |
trac: status |
Confirmed |
Fix Released |
|
2006-10-22 13:53:00 |
Reinhard Tartler |
trac: statusexplanation |
|
edgy ships with 0.9.6, closing old bug |
|