Copied from ubuntu precise in Private PPA for Ubuntu Security Team
Changelog
request-tracker4 (4.0.4-2ubuntu0.1) precise-security; urgency=low

  * Multiple security fixes for:
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash
      exposure and correspondence disclosure to privileged users
      (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure,
      privilege escalation, and arbitrary code execution. Original
      behaviour may be restored by setting $RestrictReferrer to 0 for
      installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP
      functionality (CVE-2011-4458)
  * Add vulnerable-password and clean-user-txns scripts to accompany
    above fixes, and run in postinst

 -- Dominic Hargreaves <email address hidden>  Mon, 04 Jun 2012 14:17:58 +0100