Change log for request-tracker3.8 package in Ubuntu
Obsolete in oneiric-updates
Obsolete in oneiric-security
Deleted in oneiric-proposed (Reason: moved to -updates)
request-tracker3.8 (3.8.10-1ubuntu0.1) oneiric-security; urgency=low
  * SECURITY UPDATE: Multiple security fixes (LP: #1004834):
    - Email header injection attack (CVE-2012-4730)
    - CSRF protection allows attack on bookmarks (CVE-2012-4732)
    - Confused deputy attack for non-logged-in users (CVE-2012-4734)
    - Multiple message signing/encryption attacks related to GnuPG (CVE-2012-4735)
    - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash exposure and correspondence disclosure to privileged users (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure, privilege escalation, and arbitrary code execution. Original behaviour may be restored by setting $RestrictReferrer to 0 for installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP functionality (CVE-2011-4458)
  * Fix the vulnerable-passwords script to also upgrade password hashes for disabled users, and rerun the script in postinst (CVE-2011-2082)
  * Include clean-user-txns script to accompany the above fixes, and run in postinst
  * Provide specific instructions for restarting a mod_perl based Apache server
  * debian/patches/60_misc_sec_regressions.dpatch: fix regression in rt-email-dashboards, and whitelist search results and calendar helper from CSRF protection
 -- Marc Deslauriers <email address hidden>  Fri, 09 Nov 2012 15:08:36 -0500
Published in precise-updates
Published in precise-security
Deleted in precise-proposed (Reason: moved to -updates)
request-tracker3.8 (3.8.11-1ubuntu0.1) precise-security; urgency=low
  [ Dominic Hargreaves ]
  * Multiple security fixes for:
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash exposure and correspondence disclosure to privileged users (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure, privilege escalation, and arbitrary code execution. Original behaviour may be restored by setting $RestrictReferrer to 0 for installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP functionality (CVE-2011-4458)
  * Fix the vulnerable-passwords script to also upgrade password hashes for disabled users, and rerun the script in postinst (CVE-2011-2082)
  * Include clean-user-txns script to accompany the above fixes, and run in postinst
  * Provide specific instructions for restarting a mod_perl based Apache server
  [ Marc Deslauriers ]
  * debian/patches/60_misc_sec_regressions.dpatch: fix regression in rt-email-dashboards, and whitelist search results and calendar helper from CSRF protection
  * SECURITY UPDATE: Multiple security fixes (LP: #1004834):
    - Email header injection attack (CVE-2012-4730)
    - CSRF protection allows attack on bookmarks (CVE-2012-4732)
    - Confused deputy attack for non-logged-in users (CVE-2012-4734)
    - Multiple message signing/encryption attacks related to GnuPG (CVE-2012-4735)
    - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
 -- Marc Deslauriers <email address hidden>  Fri, 09 Nov 2012 15:08:36 -0500
Obsolete in lucid-updates
Obsolete in lucid-security
Deleted in lucid-proposed (Reason: moved to -updates)
request-tracker3.8 (3.8.7-1ubuntu2.3) lucid-security; urgency=low
  [ Dominic Hargreaves ]
  * Multiple security fixes for:
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash exposure and correspondence disclosure to privileged users (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure, privilege escalation, and arbitrary code execution. Original behaviour may be restored by setting $RestrictReferrer to 0 for installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP functionality (CVE-2011-4458)
  * Fix the vulnerable-passwords script to also upgrade password hashes for disabled users, and rerun the script in postinst (CVE-2011-2082)
  * Include clean-user-txns script to accompany the above fixes, and run in postinst
  * Provide specific instructions for restarting a mod_perl based Apache server
  [ Marc Deslauriers ]
  * debian/patches/81_misc_sec_regressions.dpatch: fix regression in rt-email-dashboards, and whitelist search results and calendar helper from CSRF protection
  * SECURITY UPDATE: Multiple security fixes (LP: #1004834):
    - Email header injection attack (CVE-2012-4730)
    - CSRF protection allows attack on bookmarks (CVE-2012-4732)
    - Confused deputy attack for non-logged-in users (CVE-2012-4734)
    - Multiple message signing/encryption attacks related to GnuPG (CVE-2012-4735)
    - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
 -- Marc Deslauriers <email address hidden>  Fri, 09 Nov 2012 15:15:40 -0500
request-tracker3.8 (3.8.7-1ubuntu2.2) lucid-security; urgency=low
  * Fix error in previous patch application which broke logins. Thanks to Best Practical for the testing and fix. (LP: #750339)
 -- Dominic Hargreaves <email address hidden>  Thu, 24 Nov 2011 14:37:00 +0000
Deleted in quantal-release (Reason: (From Debian) ROM; Obsoleted by request-tracker4; securit...)
Published in precise-release
request-tracker3.8 (3.8.11-1) unstable; urgency=low
  * New upstream release
  * Add Danish debconf translation (Closes: #631304)
 -- Ubuntu Archive Auto-Sync <email address hidden>  Mon, 21 Nov 2011 12:43:31 +0000
Available diffs
- diff from 3.8.10-1 to 3.8.11-1 (31.7 KiB)
Deleted in lucid-proposed (Reason: moved to -updates)
request-tracker3.8 (3.8.7-1ubuntu2.1) lucid-security; urgency=low
  * SECURITY UPDATE: support salted passwords in database and upgrade unsalted passwords (CVE-2011-0009)
    - LP: #750339
  * Security fix: fix information leakage in scrips (CVE-2011-1008)
  * Multiple security fixes for:
    - Remote code execution in external custom fields (CVE-2011-1685)
    - Information disclosure via SQL injection (CVE-2011-1686)
    - Information disclosure via search interface (CVE-2011-1687)
    - Information disclosure via directory traversal (CVE-2011-1688)
    - User javascript execution via XSS vulnerability (CVE-2011-1689)
    - Authentication credentials theft (CVE-2011-1690)
 -- Dominic Hargreaves <email address hidden>  Sun, 29 May 2011 13:50:51 +0100
request-tracker3.8 (3.8.8-4ubuntu0.1) maverick-security; urgency=low
  * Security fix: support salted passwords in database and upgrade unsalted passwords (CVE-2011-0009)
  * Security fix: fix information leakage in scrips (Closes: 614576; CVE-2011-1008)
  * Multiple security fixes for:
    - Remote code execution in external custom fields (CVE-2011-1685)
    - Information disclosure via SQL injection (CVE-2011-1686)
    - Information disclosure via search interface (CVE-2011-1687)
    - Information disclosure via directory traversal (CVE-2011-1688)
    - User javascript execution via XSS vulnerability (CVE-2011-1689)
    - Authentication credentials theft (CVE-2011-1690)
 -- Dominic Hargreaves <email address hidden>  Tue, 19 Apr 2011 23:20:25 +0100
request-tracker3.8 (3.8.10-1) unstable; urgency=high
  * New upstream release; includes multiple security fixes (Closes: #622774):
    - Remote code execution in external custom fields (CVE-2011-1685)
    - Information disclosure via SQL injection (CVE-2011-1686)
    - Information disclosure via search interface (CVE-2011-1687)
    - Information disclosure via directory traversal (CVE-2011-1688)
    - User javascript execution via XSS vulnerability (CVE-2011-1689)
    - Authentication credentials theft (CVE-2011-1690)
  * Update Standards-Version (no changes)
Available diffs
- diff from 3.8.8-7 to 3.8.10-1 (1.5 MiB)
request-tracker3.8 (3.8.8-7) unstable; urgency=high
  * Correct name of file in cron.d to one which will be run by cron (Closes: #607209)
  * Apply patch from upstream reducing the severity of the RTAddressRegexp warning message to "debug", to avoid the cron jobs generating noise
  * Remove completely misleading documentation from NOTES.Debian relating to migrating between SQLite and other databases (Closes: #608481)
  * Correct name of libapache2-mod-fcgid in debian/conf/apache2-fcgid.conf
  * Security fix: support salted passwords in database and upgrade unsalted passwords (CVE-2011-0009)
 -- Micah Gersten <email address hidden>  Tue, 25 Jan 2011 18:32:02 +0000
Available diffs
- diff from 3.8.8-6 to 3.8.8-7 (4.9 KiB)
request-tracker3.8 (3.8.8-6) unstable; urgency=low
  * Make sure /etc/cron.d exists in postinst before installing cronjob, to cater for the case where cron is not installed (Closes: #602570)
  * Add cron-daemon to Recommends
  * Allow for an empty $WebPath config variable in debconf in debian/config (Closes: #599333)
  * Improve documentation for rt-dump-database and add pointers to UPGRADING in NOTES.Debian (Closes: #603247)
 -- Ubuntu Archive Auto-Sync <email address hidden>  Mon, 15 Nov 2010 09:20:51 +0000
Available diffs
- diff from 3.8.8-5 to 3.8.8-6 (3.0 KiB)
request-tracker3.8 (3.8.8-5) unstable; urgency=low
  * Add dummy init script to ensure that the database server is started before the web server in parallel booting environments (Closes: #595054)
  * Debconf translation updates (Closes: #598497)
 -- Ubuntu Archive Auto-Sync <email address hidden>  Fri, 15 Oct 2010 09:58:17 +0000
Available diffs
- diff from 3.8.8-4 to 3.8.8-5 (6.2 KiB)
request-tracker3.8 (3.8.8-4) unstable; urgency=low
  * Debconf translation updates (Closes: #592255, #592514, #593564, #593687, #593989, #594079, #594935)
  * Update NOTES.Debian to reflect the fact that the root password is not normally set to the default any more
  * Improve wording of Organization debconf question (Closes: #590919)
  * Update uscan URL
  * Document RT_SiteModules.pm in README.Debian
  * Document the limitations of the rt command-line client in rt3.8-clients.README.Debian (See: #594982)
  * Revert changes in PostgreSQL and MySQL dependencies made in 3.8.8-2 as at least the PostgreSQL changes introduce upgrade difficulties between lenny and squeeze (Closes: #596926)
 -- Micah Gersten <email address hidden>  Fri, 24 Sep 2010 15:50:44 +0000
Available diffs
- diff from 3.8.8-3ubuntu1 to 3.8.8-4 (11.2 KiB)
Superseded in maverick-release
request-tracker3.8 (3.8.8-3ubuntu1) maverick; urgency=low
  * Merge from debian unstable. (LP: #626588) Remaining changes:
    + debian/control:
      - Suggest mysql-server-5.1 instead of mysql-server-5.0
Available diffs
- diff from 3.8.8-1ubuntu1 to 3.8.8-3ubuntu1 (20.4 KiB)
Superseded in maverick-release
request-tracker3.8 (3.8.8-1ubuntu1) maverick; urgency=low
  * Merge from Debian unstable. (LP: #614036) Remaining changes:
    - debian/control:
      + Suggest mysql-server-5.1.
    - Don't depend on mysql-client-5.0.
request-tracker3.8 (3.8.7-1ubuntu2) lucid; urgency=low
  * debian/control: Don't depend on mysql-client-5.0.
 -- Chuck Short <email address hidden>  Wed, 14 Apr 2010 10:49:41 -0400
Available diffs
- diff from 3.8.7-1ubuntu1 to 3.8.7-1ubuntu2 (506 bytes)
Superseded in lucid-release
request-tracker3.8 (3.8.7-1ubuntu1) lucid; urgency=low
  * debian/control: Suggest mysql-server-5.1.
 -- Chuck Short <email address hidden>  Wed, 07 Apr 2010 11:53:58 -0400
Available diffs
- diff from 3.8.7-1 to 3.8.7-1ubuntu1 (834 bytes)
request-tracker3.8 (3.8.7-1) unstable; urgency=low
  * New upstream release; includes:
    - Documentation fix for MySQL schema upgrades (Closes: #550278)
  * Remove plugin packaging patch (included upstream)
  * Add NEWS item about a missing index for MySQL for which upstream have not included an upgrade schema
  * In debian/postinst, clarify that any persistent perl process setup needs to be restarted, not just mod_perl
 -- Ubuntu Archive Auto-Sync <email address hidden>  Tue, 05 Jan 2010 06:06:35 +0000
Available diffs
- diff from 3.8.6-2 to 3.8.7-1 (33.4 KiB)
request-tracker3.8 (3.8.6-2) unstable; urgency=low
  * Adjust debian/watch file to only pick up 3.8 versions
  * Remove Gerardo from Uploaders due to MIA status (Closes: #553100)
  * Depend on packages providing Encode >= 2.21 to fix attachment handling problems (missed dependency change in 3.8.6)
 -- Ubuntu Archive Auto-Sync <email address hidden>  Tue, 17 Nov 2009 17:47:08 +0000
Available diffs
- diff from 3.8.6-1 to 3.8.6-2 (967 bytes)
request-tracker3.8 (3.8.6-1) unstable; urgency=low
  * New upstream release
  * Update Vietnamese debconf translation (Closes: #548140)
  * Include patch from <http://rt3.fsck.com/Ticket/Display.html?id=13975> to support plugin packaging
  * Update Debian layout to include new plugin dir from the above patch
  * Remove wrapping patch which has been included upstream
  * Recommend libdatetime-locale-perl and libdatetime-perl as they will be optionally used by RT, but also Conflict on older versions which break RT.
Available diffs
- diff from 3.8.4-1 to 3.8.6-1 (853.7 KiB)
request-tracker3.8 (3.8.4-1) unstable; urgency=low
  [ Dominic Hargreaves ]
  * Add missing comma in Depends (fixes FTBFS on etch)
  * Update debconf translations: pt.po, ja.po, sv.po, it.po, cs.po, ru.po (Closes: #519885, #519922, #520603, #520759, #521199, #521926)
  * Document preference for not using SQLite in production (Closes: #512750)
  [ Christian Perrier ]
  * Debconf templates and debian/control reviewed by the debian-l10n-english team as part of the Smith review project. (Closes: #522367, #520959)
  * [Debconf translation updates]
    - Japanese. Closes: #522896
    - German. Closes: #520958
    - Portuguese. Closes: #523481
    - Galician. Closes: #524256
    - Galician. Closes: #524256
    - Spanish. Closes: #524449
    - Italian. Closes: #524715
    - Russian. Closes: #524894
    - Swedish. Closes: #525171
    - French. Closes: #525281
  [ Dominic Hargreaves ]
  * Don't tell dbconfig to comment out unused variables, since this breaks MySQL and Postgres database configuration (Closes: #523090)
  * Update Standards-Version (no changes)
  * Switch dependency on sysklogd to rsyslog (Closes: #526914)
  * New upstream release; includes
    - Minor security fix (Closes: #533069)
    - Add missing Postgres index (Closes: #512653)
  * Patch webmux.pl to provide a better error message when the wrong major version of RT is in @INC (for example in a mod_perl context). (Closes: #518692)
  * Add some more example Exim 4 configuration (Closes: #238345)
  * Don't apply database ACLs in databases managed by dbconfig-common.
  * Remove unused ACL patch
 -- Ubuntu Archive Auto-Sync <email address hidden>  Thu, 18 Jun 2009 08:33:15 +0100
Available diffs
- diff from 3.8.2-1 to 3.8.4-1 (1.2 MiB)
request-tracker3.8 (3.8.2-1) unstable; urgency=low
  [ Niko Tyni ]
  * Clean a 3.6 leftover in debian/rules
  * Remove automatically generated files in the 'build' target so that building twice in a row doesn't change the .diff.gz.
  * Install the default configuration (everything except RT_Site*) into /usr/share/request-tracker3.8/etc instead of /etc/request-tracker3.8. These files were never meant to be modified and can be overridden through /etc. (Closes: #511254)
  * Remove the obsolete 41-disable-gnupg configuration snippet.
  [ Dominic Hargreaves ]
  * In postinst, remove unmodified obsolete config files for tidiness
  * Japanese debconf translation, thanks to Hideki Yamane (Closes: #512855)
  * Depend on libipc-run-safehandles-perl (Closes: #512646)
  * Fix rt-setup-database to use correct path for upgrade data (Closes: #518556)