According to the trac Changelog (http://trac.edgewall.org/wiki/ChangeLog), the 0.9.x releases below 0.9.6 and 0.10.x releases below 0.10.1 are security fixes.
Dapper still has the 0.9.3 release of trac, which is vulnerable. The Ubuntu security team won't handle this one directly (https://wiki.ubuntu.com/SecurityUpdateProcedures#head- 956470dacaf2223cce3b465cf2820daf9ac19c62), so I'm hoping that one of the backporters will take the initiative... ** Changed in: trac (Ubuntu) Status: Unconfirmed => Confirmed -- please backport trac 0.10.2 from feisty to dapper https://launchpad.net/bugs/75895 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs