Your message dated Thu, 09 Nov 2006 03:17:17 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#397683: fixed in trac 0.10.1-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: trac
Version: 0.10-3dkg1
Severity: grave
Tags: security
Justification: user security hole
Trac 0.10.1 is now available. It contains a fix for a CSRF
vulnerability:
http://trac.edgewall.org/wiki/TracDownload
It would be great if this new version could make it into debian soon.
Thanks for maintaining trac in debian!
--dkg
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages trac depends on:
ii python 2.4.3-11 An interactive high-level object-o
ii python-clearsilver 0.10.3-4 python bindings for clearsilver
ii python-pysqlite2 2.3.2-1 python interface to SQLite 3
ii python-subversion 1.4.0-5 Python bindings for Subversion
ii python-support 0.5.4 automated rebuilding support for p
ii subversion 1.4.0-5 Advanced version control system
Versions of packages trac recommends:
ii apache2 2.2.3-3 Next generation, scalable, extenda
ii apache2-mpm-prefork [httpd] 2.2.3-3 Traditional model for Apache HTTPD
pn python-setuptools <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: trac
Source-Version: 0.10.1-1
We believe that the bug you reported is fixed in the latest version of
trac, which is due to be installed in the Debian FTP archive:
trac_0.10.1-1.diff.gz
to pool/main/t/trac/trac_0.10.1-1.diff.gz
trac_0.10.1-1.dsc
to pool/main/t/trac/trac_0.10.1-1.dsc
trac_0.10.1-1_all.deb
to pool/main/t/trac/trac_0.10.1-1_all.deb
trac_0.10.1.orig.tar.gz
to pool/main/t/trac/trac_0.10.1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jesus Climent <[EMAIL PROTECTED]> (supplier of updated trac package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 9 Nov 2006 11:53:53 +0200
Source: trac
Binary: trac
Architecture: source all
Version: 0.10.1-1
Distribution: unstable
Urgency: high
Maintainer: Jesus Climent <[EMAIL PROTECTED]>
Changed-By: Jesus Climent <[EMAIL PROTECTED]>
Description:
trac - Enhanced wiki and issue tracking system for software development
Closes: 397683 397725
Changes:
trac (0.10.1-1) unstable; urgency=high
.
* New Upstream Release (Closes: #397683)
* Depend on python-psycopg2 (Closes: #397725)
* Security fix, hence urgency=high. No DSA or CVS available yet.
* Upstream changes (most important ones):
- fixed CSRF vulnerability
- better database handling
- only TICKET_ADMIN can assign a passed milestone to a ticket
- failed to upload attachments
- more (comprehensive list can be found at
http://trac.edgewall.org/query?status=closed&milestone=0.10.1)
Files:
fb668f2aaf4d87edda38e9ebd39df3fa 706 web optional trac_0.10.1-1.dsc
55e10547c92cf39d64ab7ae4040c238d 439941 web optional trac_0.10.1.orig.tar.gz
2a7e1d9396e161c958cc8192f43c1704 7783 web optional trac_0.10.1-1.diff.gz
8f575b632aad2b9cfbabe3d7a41b1016 382038 web optional trac_0.10.1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFUwiRZvwdf4aUbWkRAkPSAKDFmAReUtN2gpM/WB2UcY9j/HmhOwCfTqzg
CWGhNR242YvxkOqkBnn6Nv4=
=HC1L
-----END PGP SIGNATURE-----
--- End Message ---
