Due to the data format incompatibility, putting the new version to -security or -updates doesn't sound very wise. The fixes should be ported to 0.8.x instead. However, I think it is a good idea to create a breezy-backport of trac, so that people who really need it can use it, but people who aren't aware of the data format change are not endangered to break their setups.
Putting 0.9.5 into dapper sounds sane, btw. -- Trac 0.9.1 and 0.9.2 to fix SQL injection vulnerabilities, 0.9.3 – XSS vulnerabilities https://launchpad.net/bugs/5297 -- universe-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/universe-bugs
