[ubuntu/oneiric-security] request-tracker4 4.0.1-1ubuntu0.1 (Accepted)
Dominic Hargreaves
dom at earth.li
Thu Jun 21 14:03:51 UTC 2012
request-tracker4 (4.0.1-1ubuntu0.1) oneiric-security; urgency=low

  * Multiple security fixes for:
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash
      exposure and correspondence disclosure to privileged users
      (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure,
      privilege escalation, and arbitrary code execution. Original
      behaviour may be restored by setting $RestrictReferrer to 0 for
      installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP
      functionality (CVE-2011-4458)
  * Add vulnerable-password and clean-user-txns scripts to accompany
    above fixes, and run in postinst

Date: Mon, 07 May 2012 14:16:20 +1000
Changed-By: Dominic Hargreaves <dom at earth.li>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/request-tracker4/4.0.1-1ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Mon, 07 May 2012 14:16:20 +1000
Source: request-tracker4
Binary: request-tracker4 rt4-clients rt4-apache2 rt4-db-postgresql rt4-db-mysql rt4-db-sqlite
Architecture: source
Version: 4.0.1-1ubuntu0.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dominic Hargreaves <dom at earth.li>
Description:
request-tracker4 - extensible trouble-ticket tracking system
rt4-apache2 - Apache 2 specific files for request-tracker4
rt4-clients - mail gateway and command-line interface to request-tracker4
rt4-db-mysql - MySQL database backend for request-tracker4
rt4-db-postgresql - PostgreSQL database backend for request-tracker4
rt4-db-sqlite - SQLite database backend for request-tracker4
Changes:
request-tracker4 (4.0.1-1ubuntu0.1) oneiric-security; urgency=low
.
* Multiple security fixes for:
- XSS vulnerabilities (CVE-2011-2083)
- information disclosure vulnerabilities including password hash
exposure and correspondence disclosure to privileged users
(CVE-2011-2084)
- CSRF vulnerabilities allowing information disclosure,
privilege escalation, and arbitrary code execution. Original
behaviour may be restored by setting $RestrictReferrer to 0 for
installations which rely on it (CVE-2011-2085)
- remote code execution vulnerabilities including in VERP
functionality (CVE-2011-4458)
* Add vulnerable-password and clean-user-txns scripts to accompany
above fixes, and run in postinst
Checksums-Sha1:
6b106f1609aeb7c741bd417750bbfe4491bec8c3 2545 request-tracker4_4.0.1-1ubuntu0.1.dsc
9005ce9b03a33beaa3f2cc7c79454e81d3492ba6 102732 request-tracker4_4.0.1-1ubuntu0.1.debian.tar.gz
Checksums-Sha256:
9ad584023c02fd03b07dd1b23ef4ed29c321f36702268302d38395fd2aa970b1 2545 request-tracker4_4.0.1-1ubuntu0.1.dsc
4f07d5912f1db021bc6496896b1b3312a699a14f01615ee90f0bff908e74f24b 102732 request-tracker4_4.0.1-1ubuntu0.1.debian.tar.gz
Files:
38c4dad2e4d74d824e498ba6f04d17ad 2545 misc optional request-tracker4_4.0.1-1ubuntu0.1.dsc
6f694ccbb0e9bb4134e06c956b1e0b9a 102732 misc optional request-tracker4_4.0.1-1ubuntu0.1.debian.tar.gz
Original-Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers at lists.alioth.debian.org>