DSA-1990-2 trac-git -- shell command injectionID: oval:org.secpod.oval:def:600022 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
The trac-git package released in DSA-1990-1 had a wrong dependency that could not be satisfied in Debian stable. This update corrects this problem. For reference, the original advisory text is provided below. Stefan Goebel discovered that the Debian version of trac-git, the Git add-on for the Trac issue tracking system, contains a flaw which enables attackers to execute code on the web server running trac-git by sending crafted HTTP queries. The old stable distribution does not contain a trac-git package. For the stable distribution , this problem has been fixed in version 0.0.20080710-3+lenny2. For the unstable distribution and the testing distribution , this problem has been fixed in version 0.0.20090320-1.