[ubuntu/precise-security] request-tracker4 4.0.4-2ubuntu0.1 (Accepted)
Dominic Hargreaves
dom at earth.li
Thu Jun 21 14:03:41 UTC 2012
request-tracker4 (4.0.4-2ubuntu0.1) precise-security; urgency=low
  * Multiple security fixes for:
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash
      exposure and correspondence disclosure to privileged users
      (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure,
      privilege escalation, and arbitrary code execution. Original
      behaviour may be restored by setting $RestrictReferrer to 0 for
      installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP
      functionality (CVE-2011-4458)
  * Add vulnerable-password and clean-user-txns scripts to accompany
    above fixes, and run in postinst
Date: Mon, 04 Jun 2012 14:17:58 +0100
Changed-By: Dominic Hargreaves <dom at earth.li>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/request-tracker4/4.0.4-2ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Mon, 04 Jun 2012 14:17:58 +0100
Source: request-tracker4
Binary: request-tracker4 rt4-clients rt4-apache2 rt4-db-postgresql rt4-db-mysql rt4-db-sqlite
Architecture: source
Version: 4.0.4-2ubuntu0.1
Distribution: precise-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dominic Hargreaves <dom at earth.li>
Description:
 request-tracker4 - extensible trouble-ticket tracking system
 rt4-apache2 - Apache 2 specific files for request-tracker4
 rt4-clients - mail gateway and command-line interface to request-tracker4
 rt4-db-mysql - MySQL database backend for request-tracker4
 rt4-db-postgresql - PostgreSQL database backend for request-tracker4
 rt4-db-sqlite - SQLite database backend for request-tracker4
Changes:
 request-tracker4 (4.0.4-2ubuntu0.1) precise-security; urgency=low
 .
   * Multiple security fixes for:
     - XSS vulnerabilities (CVE-2011-2083)
     - information disclosure vulnerabilities including password hash
       exposure and correspondence disclosure to privileged users
       (CVE-2011-2084)
     - CSRF vulnerabilities allowing information disclosure,
       privilege escalation, and arbitrary code execution. Original
       behaviour may be restored by setting $RestrictReferrer to 0 for
       installations which rely on it (CVE-2011-2085)
     - remote code execution vulnerabilities including in VERP
       functionality (CVE-2011-4458)
   * Add vulnerable-password and clean-user-txns scripts to accompany
     above fixes, and run in postinst
Checksums-Sha1:
 727406b8124cd5244819c383fe49b92edd5661d4 2799 request-tracker4_4.0.4-2ubuntu0.1.dsc
 28a203cce5c55a2cc5a17f13323735a5d37f9de1 103789 request-tracker4_4.0.4-2ubuntu0.1.debian.tar.gz
Checksums-Sha256:
 328bdaa7274896e184265da7b2c85384d2fd62ba7a9c39becd4b7721f2b7553f 2799 request-tracker4_4.0.4-2ubuntu0.1.dsc
 c3a442eda16da9e2637b6e77515e182f84a33f35e08c4151af68a9094dd6c487 103789 request-tracker4_4.0.4-2ubuntu0.1.debian.tar.gz
Files:
 e397618acf18a57e8d39fdb8993b17f7 2799 misc optional request-tracker4_4.0.4-2ubuntu0.1.dsc
 d58550f4e6d7686735cc4232096c4cef 103789 misc optional request-tracker4_4.0.4-2ubuntu0.1.debian.tar.gz
Original-Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers at lists.alioth.debian.org>