[ubuntu/precise-security] request-tracker4 4.0.4-2ubuntu0.1 (Accepted)

Dominic Hargreaves dom at earth.li
Thu Jun 21 14:03:41 UTC 2012


request-tracker4 (4.0.4-2ubuntu0.1) precise-security; urgency=low

  * Multiple security fixes for:
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash
      exposure and correspondence disclosure to privileged users
      (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure,
      privilege escalation, and arbitrary code execution. Original
      behaviour may be restored by setting $RestrictReferrer to 0 for
      installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP
      functionality (CVE-2011-4458)
  * Add vulnerable-password and clean-user-txns scripts to accompany
    above fixes, and run in postinst

Date: Mon, 04 Jun 2012 14:17:58 +0100
Changed-By: Dominic Hargreaves <dom at earth.li>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/request-tracker4/4.0.4-2ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Mon, 04 Jun 2012 14:17:58 +0100
Source: request-tracker4
Binary: request-tracker4 rt4-clients rt4-apache2 rt4-db-postgresql rt4-db-mysql rt4-db-sqlite
Architecture: source
Version: 4.0.4-2ubuntu0.1
Distribution: precise-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dominic Hargreaves <dom at earth.li>
Description: 
 request-tracker4 - extensible trouble-ticket tracking system
 rt4-apache2 - Apache 2 specific files for request-tracker4
 rt4-clients - mail gateway and command-line interface to request-tracker4
 rt4-db-mysql - MySQL database backend for request-tracker4
 rt4-db-postgresql - PostgreSQL database backend for request-tracker4
 rt4-db-sqlite - SQLite database backend for request-tracker4
Changes: 
 request-tracker4 (4.0.4-2ubuntu0.1) precise-security; urgency=low
 .
   * Multiple security fixes for:
     - XSS vulnerabilities (CVE-2011-2083)
     - information disclosure vulnerabilities including password hash
       exposure and correspondence disclosure to privileged users
       (CVE-2011-2084)
     - CSRF vulnerabilities allowing information disclosure,
       privilege escalation, and arbitrary code execution. Original
       behaviour may be restored by setting $RestrictReferrer to 0 for
       installations which rely on it (CVE-2011-2085)
     - remote code execution vulnerabilities including in VERP
       functionality (CVE-2011-4458)
   * Add vulnerable-password and clean-user-txns scripts to accompany
     above fixes, and run in postinst
Checksums-Sha1: 
 727406b8124cd5244819c383fe49b92edd5661d4 2799 request-tracker4_4.0.4-2ubuntu0.1.dsc
 28a203cce5c55a2cc5a17f13323735a5d37f9de1 103789 request-tracker4_4.0.4-2ubuntu0.1.debian.tar.gz
Checksums-Sha256: 
 328bdaa7274896e184265da7b2c85384d2fd62ba7a9c39becd4b7721f2b7553f 2799 request-tracker4_4.0.4-2ubuntu0.1.dsc
 c3a442eda16da9e2637b6e77515e182f84a33f35e08c4151af68a9094dd6c487 103789 request-tracker4_4.0.4-2ubuntu0.1.debian.tar.gz
Files: 
 e397618acf18a57e8d39fdb8993b17f7 2799 misc optional request-tracker4_4.0.4-2ubuntu0.1.dsc
 d58550f4e6d7686735cc4232096c4cef 103789 misc optional request-tracker4_4.0.4-2ubuntu0.1.debian.tar.gz
Original-Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers at lists.alioth.debian.org>

