request-tracker3.6 3.6.5-1ubuntu0.1 source package in Ubuntu

Changelog

request-tracker3.6 (3.6.5-1ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: support salted passwords in database and upgrade
    unsalted passwords (CVE-2011-0009)
    - LP: #750339
  * Security fix: only allow SuperUsers to edit global RT at a Glance
  * Security fix: escape custom field values before display to prevent
    XSS attack
  * Security fix for session fixation vulnerability (CVE-2009-3585,
    CVE-2009-4151)
  * Security fix: fix information leakage in scrips (CVE-2011-1008)
  * Multiple security fixes for:
     - Information disclosure via SQL injection (CVE-2011-1686)
     - Information disclosure via search interface (CVE-2011-1687)
     - Information disclosure via directory traversal (CVE-2011-1688)
     - User javascript execution via XSS vulnerability (CVE-2011-1689)
     - Authentication credentials theft (CVE-2011-1690)
     - XSS relating to login credentials
 -- Dominic Hargreaves <email address hidden>   Sun, 29 May 2011 14:38:31 +0100

Upload details

Uploaded by:
Dominic Hargreaves on 2011-06-08
Sponsored by:
Jamie Strandboge
Uploaded to:
Hardy
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
all
Section:
misc
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Hardy: [FULLYBUILT] i386

Downloads

File Size MD5 Checksum
request-tracker3.6_3.6.5.orig.tar.gz 1.6 MiB e935ef70ad72e6b9cdaea781b676a4cd
request-tracker3.6_3.6.5-1ubuntu0.1.diff.gz 31.4 KiB 5bf044190263a56c851f2d4ee029aed9
request-tracker3.6_3.6.5-1ubuntu0.1.dsc 1.6 KiB 40f9aba65f670e33b9fdea4615d6f60c

View changes file

Binary packages built by this source

request-tracker3.6: No summary available for request-tracker3.6 in ubuntu hardy.

No description available for request-tracker3.6 in ubuntu hardy.

rt3.6-apache2: No summary available for rt3.6-apache2 in ubuntu hardy.

No description available for rt3.6-apache2 in ubuntu hardy.

rt3.6-clients: No summary available for rt3.6-clients in ubuntu hardy.

No description available for rt3.6-clients in ubuntu hardy.