TITLE: Debian update for trac SECUNIA ADVISORY ID: SA18555 VERIFY ADVISORY: http://secunia.com/advisories/18555/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: >From remote OPERATING SYSTEM: Debian GNU/Linux 3.1 http://secunia.com/product/5307/ Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ DESCRIPTION: Debian has issued an update for trac. This fixes two vulnerabilities, which can be exploited by malicious people to conduct script insertion and SQL injection attacks. For more information: SA18465 SA17894 SOLUTION: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge3.dsc Size/MD5 checksum: 656 cb4d61028dc622d02d3b8c0ff858416e http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge3.diff.gz Size/MD5 checksum: 12672 6dfb5852433afe58057848058005497e http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1.orig.tar.gz Size/MD5 checksum: 236791 1b6c44fae90c760074762b73cdc88c8d Architecture independent components: http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge3_all.deb Size/MD5 checksum: 198526 c8953db99c9532a6971163c91facedbc -- Debian GNU/Linux unstable alias sid -- Fixed in version 0.9.3-1. ORIGINAL ADVISORY: http://www.debian.org/security/2006/dsa-951 OTHER REFERENCES: SA18465: http://secunia.com/advisories/18465/ SA17894: http://secunia.com/advisories/17894/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------