PublicDate: 2007-01-29 20:28:00 UTC
Candidate: CVE-2007-0347
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0347
Description: The is_eow function in format.c in CVSTrac before 2.0.1 does not properly check for the "'" (quote) character, which allows remote authenticated users to execute limited SQL injection attacks and cause a denial of service (database error) via a ' character in certain messages, tickets, or Wiki entries.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
Bugs:
#sid_PKG:
#dapper_PKG:
#edgy_PKG:
#feisty_PKG:
#devel_PKG:
dapper_cvstrac: ignored (reached end-of-life)
edgy_cvstrac: needed (reached end-of-life)
feisty_cvstrac: needed (reached end-of-life)
gutsy_cvstrac: needed (reached end-of-life)
hardy_cvstrac: not-affected (2.0.1-2)
intrepid_cvstrac: not-affected (2.0.1-2)
jaunty_cvstrac: not-affected (2.0.1-2)
karmic_cvstrac: not-affected (2.0.1-2)
devel_cvstrac: not-affected (2.0.1-2)
upstream_cvstrac: released (2.0.1)