request-tracker3.6 3.6.5-1ubuntu0.1 source package in Ubuntu


request-tracker3.6 (3.6.5-1ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: support salted passwords in database and upgrade
    unsalted passwords (CVE-2011-0009)
    - LP: #750339
  * Security fix: only allow SuperUsers to edit global RT at a Glance
  * Security fix: escape custom field values before display to prevent
    XSS attack
  * Security fix for session fixation vulnerability (CVE-2009-3585,
  * Security fix: fix information leakage in scrips (CVE-2011-1008)
  * Multiple security fixes for:
     - Information disclosure via SQL injection (CVE-2011-1686)
     - Information disclosure via search interface (CVE-2011-1687)
     - Information disclosure via directory traversal (CVE-2011-1688)
     - User javascript execution via XSS vulnerability (CVE-2011-1689)
     - Authentication credentials theft (CVE-2011-1690)
     - XSS relating to login credentials
 -- Dominic Hargreaves <email address hidden>   Sun, 29 May 2011 14:38:31 +0100

Upload details

Uploaded by:
Dominic Hargreaves on 2011-06-08
Sponsored by:
Jamie Strandboge
Uploaded to:
Original maintainer:
Ubuntu Developers
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section


Hardy: [FULLYBUILT] i386


File Size MD5 Checksum
request-tracker3.6_3.6.5.orig.tar.gz 1.6 MiB e935ef70ad72e6b9cdaea781b676a4cd
request-tracker3.6_3.6.5-1ubuntu0.1.diff.gz 31.4 KiB 5bf044190263a56c851f2d4ee029aed9
request-tracker3.6_3.6.5-1ubuntu0.1.dsc 1.6 KiB 40f9aba65f670e33b9fdea4615d6f60c

View changes file

Binary packages built by this source

request-tracker3.6: Extensible trouble-ticket tracking system

 Request Tracker (RT) is an enterprise-grade ticketing system which
 enables a group of people to intelligently and efficiently manage
 tasks, issues, and requests submitted by a community of users. It
 features a web, email and command-line interfaces (see the package
 This is the 3.6 series of RT, it can be installed alongside the 3.4
 series without any problems.
 Written in object-oriented Perl, RT is a high-level, portable,
 platform independent system that eases collaboration within
 organizations and makes it easy for them to take care of their
 RT manages key tasks such as the identification, prioritization,
 assignment, resolution and notification required by
 enterprise-critical applications including project management, help
 desk, NOC ticketing, CRM and software development.

rt3.6-apache2: Apache 2 specific files for request-tracker3.6

 This package provides various configuration files and manages the
 necessary dependencies for running request tracker (RT) version 3.6
 on the Apache 2 web server.
 See the 'request-tracker3.6' package for further information.

rt3.6-clients: Mail gateway and command-line interface to request-tracker3.6

 Install this package onto the mail server so it can inject tickets into
 request-tracker3.6 using rt-mailgate.
 Install it onto any machine on which you want to use the 'rt'
 command-line interface.
 See the 'request-tracker3.6' package for further information.