request-tracker3.8 3.8.10-1ubuntu0.1 source package in Ubuntu

Changelog

request-tracker3.8 (3.8.10-1ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: Multiple security fixes (LP: #1004834):
    - Email header injection attack (CVE-2012-4730)
    - CSRF protection allows attack on bookmarks (CVE-2012-4732)
    - Confused deputy attack for non-logged-in users (CVE-2012-4734)
    - Multiple message signing/encryption attacks related to GnuPG
      (CVE-2012-4735)
    - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash
      exposure and correspondence disclosure to privileged users
      (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure,
      privilege escalation, and arbitrary code execution. Original
      behaviour may be restored by setting $RestrictReferrer to 0 for
      installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP
      functionality (CVE-2011-4458)
  * Fix the vulnerable-passwords script to also upgrade password hashes
    for disabled users, and rerun the script in postinst (CVE-2011-2082)
  * Include clean-user-txns script to accompany the above fixes, and
    run in postinst
  * Provide specific instructions for restarting a mod_perl based
    Apache server
  * debian/patches/60_misc_sec_regressions.dpatch: fix regression in
    rt-email-dashboards, and whitelist search results and calendar helper
    from CSRF protection
 -- Marc Deslauriers <email address hidden>   Fri, 09 Nov 2012 15:08:36 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2012-11-09
Uploaded to:
Oneiric
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
all
Section:
misc
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Oneiric: [FULLYBUILT] i386

Downloads

File Size MD5 Checksum
request-tracker3.8_3.8.10.orig.tar.gz 5.4 MiB 00c147d71476d032d33dbad76bdc06ff
request-tracker3.8_3.8.10-1ubuntu0.1.diff.gz 114.7 KiB 116010e00be653283f2f8695f3afd3ea
request-tracker3.8_3.8.10-1ubuntu0.1.dsc 2.3 KiB 86f80592f4a84638b6cb0daf680ff8d8

View changes file

Binary packages built by this source

request-tracker3.8: No summary available for request-tracker3.8 in ubuntu oneiric.

No description available for request-tracker3.8 in ubuntu oneiric.

rt3.8-apache2: No summary available for rt3.8-apache2 in ubuntu oneiric.

No description available for rt3.8-apache2 in ubuntu oneiric.

rt3.8-clients: No summary available for rt3.8-clients in ubuntu oneiric.

No description available for rt3.8-clients in ubuntu oneiric.

rt3.8-db-mysql: No summary available for rt3.8-db-mysql in ubuntu oneiric.

No description available for rt3.8-db-mysql in ubuntu oneiric.

rt3.8-db-postgresql: No summary available for rt3.8-db-postgresql in ubuntu oneiric.

No description available for rt3.8-db-postgresql in ubuntu oneiric.

rt3.8-db-sqlite: No summary available for rt3.8-db-sqlite in ubuntu oneiric.

No description available for rt3.8-db-sqlite in ubuntu oneiric.