There was one SQL injection and some more small bugs in DTC that needed immediate attention. I’m kinda happy because these finally pushed a more current version of DTC into Debian. The upgrade would have gone flawlessly, but suddenly I couldn’t use the admin login anymore. Turns out I still had a password popup open in a different browser tab, which meant I didn’t get one in the tab I was in.
I was just getting afraid there would be an issue in mod_security, but no, it’s doing its job like a champ!
More info / advisory at:
Another update of DTC in GPLHost repository will be made to fix the issue (probably version 0.32.11), but I do not plan to fix the Lenny version for such a tiny issue (without much consequences) that is easily fixable by hand.
I was thinking “What the fuck, they’re not fixing it?” for 30 minutes now until I understood: the stats will be broken unless the patch is applied. Reverse check: the security issue is gone if your stats are gone, too.