[ubuntu/natty] request-tracker3.8 3.8.10-1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Wed Apr 20 14:11:49 UTC 2011
request-tracker3.8 (3.8.10-1) unstable; urgency=high
* New upstream release; includes multiple security fixes
(Closes: #622774):
- Remote code execution in external custom fields (CVE-2011-1685)
- Information disclosure via SQL injection (CVE-2011-1686)
- Information disclosure via search interface (CVE-2011-1687)
- Information disclosure via directory traversal (CVE-2011-1688)
- User javascript execution via XSS vulnerability (CVE-2011-1689)
- Authentication credentials theft (CVE-2011-1690)
* Update Standards-Version (no changes)
request-tracker3.8 (3.8.9-1) unstable; urgency=low
* New upstream release; includes:
- fastcgi_server now honours "-s" flag (Closes: #597496)
* Remove patches 10_rt_confdir, 40_versioned_use_webmux,
60_rtaddressregexp_not_error, 74_salted_passwords included upstream
* Remove long-obsoleted patch 09_commandline (Closes: #592794)
* Remove Debian-specific installation of vulnerable-passwords
script now included upstream, and update postinst accordingly
* Update Standards-Version (no changes)
* Include some additional utility manpages from RT 4 to fix missing
manpage Lintian warnings
* Include BSD license text in debian/copyright (thanks, Lintian)
* Remove some .in files mistakenly installed in
/usr/share/request-tracker3.8/etc/upgrade
Date: Wed, 20 Apr 2011 13:52:24 +0000
Changed-By: Scott Kitterman <ubuntu at kitterman.com>
Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers at lists.alioth.debian.org>
Origin: Debian/unstable
https://launchpad.net/ubuntu/natty/+source/request-tracker3.8/3.8.10-1
-------------- next part --------------
Origin: Debian/unstable
Format: 1.7
Date: Wed, 20 Apr 2011 13:52:24 +0000
Source: request-tracker3.8
Binary: request-tracker3.8, rt3.8-clients, rt3.8-apache2, rt3.8-db-postgresql, rt3.8-db-mysql, rt3.8-db-sqlite
Architecture: source
Version: 3.8.10-1
Distribution: natty
Urgency: high
Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers at lists.alioth.debian.org>
Changed-By: Scott Kitterman <ubuntu at kitterman.com>
Description:
request-tracker3.8 - extensible trouble-ticket tracking system
Closes: 592794 597496 622774
Files:
00c147d71476d032d33dbad76bdc06ff 5642566 misc optional request-tracker3.8_3.8.10.orig.tar.gz
b8e64ea9a36162232d40ba03438c1b1f 1603 misc optional request-tracker3.8_3.8.10-1.dsc
48ebb61a57cf6078b6b30088c815ba6b 73996 misc optional request-tracker3.8_3.8.10-1.diff.gz
Changes:
request-tracker3.8 (3.8.10-1) unstable; urgency=high
.
* New upstream release; includes multiple security fixes
(Closes: #622774):
- Remote code execution in external custom fields (CVE-2011-1685)
- Information disclosure via SQL injection (CVE-2011-1686)
- Information disclosure via search interface (CVE-2011-1687)
- Information disclosure via directory traversal (CVE-2011-1688)
- User javascript execution via XSS vulnerability (CVE-2011-1689)
- Authentication credentials theft (CVE-2011-1690)
* Update Standards-Version (no changes)
.
request-tracker3.8 (3.8.9-1) unstable; urgency=low
.
* New upstream release; includes:
- fastcgi_server now honours "-s" flag (Closes: #597496)
* Remove patches 10_rt_confdir, 40_versioned_use_webmux,
60_rtaddressregexp_not_error, 74_salted_passwords included upstream
* Remove long-obsoleted patch 09_commandline (Closes: #592794)
* Remove Debian-specific installation of vulnerable-passwords
script now included upstream, and update postinst accordingly
* Update Standards-Version (no changes)
* Include some additional utility manpages from RT 4 to fix missing
manpage Lintian warnings
* Include BSD license text in debian/copyright (thanks, Lintian)
* Remove some .in files mistakenly installed in
/usr/share/request-tracker3.8/etc/upgrade
More information about the Natty-changes
mailing list