Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries. The old stable distribution does not contain a trac-git package. For the stable distribution , this problem has been fixed in version 0.0.20080710-3+lenny1. For the unstable distribution and the testing distribution , this problem has been fixed in version 0.0.20090320-1. We recommend that you upgrade your trac-git package.