Publishing details

• Published on 2012-06-21
• Copied from ubuntu precise in Private PPA for Ubuntu Security Team

Changelog

request-tracker4 (4.0.4-2ubuntu0.1) precise-security; urgency=low

  * Multiple security fixes for:
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash
      exposure and correspondence disclosure to privileged users
      (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure,
      privilege escalation, and arbitrary code execution. Original
      behaviour may be restored by setting $RestrictReferrer to 0 for
      installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP
      functionality (CVE-2011-4458)
  * Add vulnerable-password and clean-user-txns scripts to accompany
    above fixes, and run in postinst
 -- Dominic Hargreaves <email address hidden>   Mon, 04 Jun 2012 14:17:58 +0100

Builds

• i386

Built packages

• request-tracker4 extensible trouble-ticket tracking system

• rt4-apache2 Apache 2 specific files for request-tracker4

• rt4-clients mail gateway and command-line interface to request-tracker4

• rt4-db-mysql MySQL database backend for request-tracker4

• rt4-db-postgresql PostgreSQL database backend for request-tracker4

• rt4-db-sqlite SQLite database backend for request-tracker4

Package files

• request-tracker4_4.0.4-2ubuntu0.1.debian.tar.gz (101.4 KiB)
• request-tracker4_4.0.4-2ubuntu0.1.dsc (2.7 KiB)
• request-tracker4_4.0.4-2ubuntu0.1_all.deb (3.7 MiB)
• request-tracker4_4.0.4.orig-third-party-source.tar.gz (786.4 KiB)
• request-tracker4_4.0.4.orig.tar.gz (5.7 MiB)
• rt4-apache2_4.0.4-2ubuntu0.1_all.deb (7.5 KiB)
• rt4-clients_4.0.4-2ubuntu0.1_all.deb (43.6 KiB)
• rt4-db-mysql_4.0.4-2ubuntu0.1_all.deb (6.8 KiB)
• rt4-db-postgresql_4.0.4-2ubuntu0.1_all.deb (6.8 KiB)
• rt4-db-sqlite_4.0.4-2ubuntu0.1_all.deb (6.9 KiB)