7.5
CWE-89

CVE-2009-4405: SQL Injection

First published: Sun Nov 29 2009

Description of problem: The latest upstream version is 0.11.6 (released yesterday). The current Fedora 12 (and rawhide version) is 0.11.4.

Version-Release number of selected component (if applicable): trac-0.11.4-2.fc12.src.rpm

Expected results: To have trac 0.11.6 available for F-12 and rawhide.

Additional info: Release notes from versions 0.11.5 and 0.11.6:

----------
http://trac.edgewall.org/browser/tags/trac-0.11.5/RELEASE
----------
Changes in 0.11.5
* Implemented pre-upgrade backup support for PostgreSQL and MySQL (#2304)
* Fixed PostgreSQL upgrade issue (#8378)
* More robust diff parsing (#2672)
* Avoid intermittent hangs by not calling apr_terminate explicitly (#7785)
* Fixed display of merge properties for scoped repositories #7715.

----------
http://trac.edgewall.org/browser/tags/trac-0.11.6/RELEASE
----------
Changes in 0.11.6
* Fixed the policy checks in report results when using alternate formats.
* Added a check for the "raw" role that is missing in docutils < 0.6.
* Re-enabled connection pooling with SQLite (#3446).
* Added caching of configuration options (#8510).
* Fixed the "database is locked" issue with SQLite (#3446, #8468).
* Deprecated SQLite 2.x support (#8625).
* Fixed handling of times in timezones with DST (#8240).
* Avoid corruption of trac.ini during write (#8623).
* Improved support for revision ranges in the revision log view (#8349)
----------

Credit: cve@mitre.org

Affected Software | Affected Version | How to fix
Edgewall Trac | =0.10-rc1 |
Edgewall Trac | =0.5 |
Edgewall Trac | =0.10.3 |
Edgewall Trac | =0.10.3-rc1 |
Edgewall Trac | =0.10.4 |
Edgewall Trac | =0.5.1 |
Edgewall Trac | =0.11.4-rc2 |
Edgewall Trac | =0.6.1 |
Edgewall Trac | =0.9.3 |
Edgewall Trac | =0.10.3.1 |
Edgewall Trac | =0.11.4 |
Edgewall Trac | =0.8.4 |
Edgewall Trac | =0.8.2 |
Edgewall Trac | =0.11.1 |
Edgewall Trac | =0.10.5 |
Edgewall Trac | =0.9.6 |
Edgewall Trac | =0.6 |
Edgewall Trac | =0.11.5-rc2 |
Edgewall Trac | =0.10.2 |
Edgewall Trac | =0.11.3 |
Edgewall Trac | =0.8 |
Edgewall Trac | =0.8.3 |
Edgewall Trac | <=0.11.5 |
Edgewall Trac | =0.11-b1 |
Edgewall Trac | =0.7.1 |
Edgewall Trac | =0.11-rc1 |
Edgewall Trac | =0.11.5-rc1 |
Edgewall Trac | =0.11-b2 |
Edgewall Trac | =0.9.1 |
Edgewall Trac | =0.9.4 |
Edgewall Trac | =0.11.4-rc1 |
Edgewall Trac | =0.5.2 |
Edgewall Trac | =0.10-beta1 |
Edgewall Trac | =0.8.1 |
Edgewall Trac | =0.9 |
Edgewall Trac | =0.11 |
Edgewall Trac | =0.50.9 |
Edgewall Trac | =0.11-rc2 |
Edgewall Trac | =0.9.2 |
Edgewall Trac | =0.10.1 |
Edgewall Trac | =0.9.5 |
Edgewall Trac | =0.11.2.1 |
Edgewall Trac | =0.10 |
Edgewall Trac | =0.7 |
Edgewall Trac | =0.11.2 |
redhat/0.11.6 | <1. | 1.
pip/trac | <0.11.6 | 0.11.6
