Hi.

On Tue, Jan 26, 21:49:42 +0100, Stefan Göbel wrote:
> The trac-git package in Debian Lenny - if enabled in Trac - allows a
> remote attacker to execute arbitrary commands on the system with the
> rights of the user running Trac. The attacker must have the rights to
> browse the repository in order to exploit this issue, other parts of
> Trac are most likely not affected.
> 
> The attached patch fixes the problem, it is not thoroughly tested,
> though, but seems to work fine on my test system with a few Git
> repositories.

Sorry for the delay in responding, I've been away from my emails for a
few days, but I'm back now.

Anyway, thanks for this and the patch. I just wanted to note that I'd
not ignored this and I'll try and get something out today.

Cheerio,

-- 
Jonny Lamb, UK
jo...@debian.org


