Your message dated Fri, 02 Dec 2005 09:21:42 -0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#341697: trac: SQL Injection Vulnerability
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 2 Dec 2005 10:52:52 +0000
>From [EMAIL PROTECTED] Fri Dec 02 02:52:52 2005
Return-path: <[EMAIL PROTECTED]>
Received: from urchin.earth.li ([193.201.200.73])
by spohr.debian.org with esmtp (Exim 4.50)
id 1Ei8X6-0004NN-Od
for [EMAIL PROTECTED]; Fri, 02 Dec 2005 02:52:52 -0800
Received: from dom by urchin.earth.li with local (Exim 3.36 #1 (Debian))
id 1Ei8X5-0001hp-00
for <[EMAIL PROTECTED]>; Fri, 02 Dec 2005 10:52:51 +0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Dominic Hargreaves <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: trac: SQL Injection Vulnerability
X-Mailer: reportbug 3.8
Date: Fri, 02 Dec 2005 10:52:51 +0000
Message-Id: <[EMAIL PROTECTED]>
Sender: Dominic Hargreaves <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.5 required=4.0 tests=BAYES_10,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: trac
Version: 0.9-1
Severity: grave
Tags: security
Justification: user security hole
As reported on Bugtraq[0]:
Malicious user can conduct SQL injection in ticket query module
because supplied 'group' URI data passed to the query script
is not properly sanitized.
PoC:
http://host/trac/query?group=/*
Vulnerable version:
Version tested is 0.9
Maybe 0.9 betas are also vulnerable
Solution:
Upgrade to version 0.9.1
http://projects.edgewall.com/trac/wiki/TracDownload
Cheers,
Dominic.
[0] http://www.securityfocus.com/archive/1/418294/30/0/threaded
---------------------------------------
Received: (at 341697-done) by bugs.debian.org; 2 Dec 2005 11:31:11 +0000
>From [EMAIL PROTECTED] Fri Dec 02 03:31:11 2005
Return-path: <[EMAIL PROTECTED]>
Received: from covilha.procergs.com.br ([200.198.128.244])
by spohr.debian.org with esmtp (Exim 4.50)
id 1Ei8yg-0006tY-5A
for [EMAIL PROTECTED]; Fri, 02 Dec 2005 03:21:22 -0800
Received: from localhost (unknown [201.10.58.28])
by covilha.procergs.com.br (Postfix) with ESMTP id 7ACF11D3822F6;
Fri, 2 Dec 2005 09:21:02 -0200 (BRDT)
Received: by localhost (Postfix, from userid 1000)
id CA1221C0B6CB; Fri, 2 Dec 2005 09:21:42 -0200 (BRST)
From: Otavio Salvador <[EMAIL PROTECTED]>
To: Dominic Hargreaves <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Bug#341697: trac: SQL Injection Vulnerability
Organization: O.S. Systems Ltda.
References: <[EMAIL PROTECTED]>
X-URL: http://www.debian.org/~otavio/
X-Attribution: O.S.
Date: Fri, 02 Dec 2005 09:21:42 -0200
In-Reply-To: <[EMAIL PROTECTED]> (Dominic Hargreaves's message
of "Fri, 02 Dec 2005 10:52:51 +0000")
Message-ID: <[EMAIL PROTECTED]>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Dominic Hargreaves <[EMAIL PROTECTED]> writes:
> Package: trac
> Version: 0.9-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> As reported on Bugtraq[0]:
>
> Malicious user can conduct SQL injection in ticket query module
> because supplied 'group' URI data passed to the query script
> is not properly sanitized.
Thanks by reporting the issue but 0.9.1 is waiting in incoming and
should be available later today.
See you! ;-)
--
O T A V I O S A L V A D O R
---------------------------------------------
E-mail: [EMAIL PROTECTED] UIN: 5906116
GNU/Linux User: 239058 GPG ID: 49A5F855
Home Page: http://www.freedom.ind.br/otavio
---------------------------------------------
"Microsoft gives you Windows ... Linux gives
you the whole house."
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
