Ubuntu
request-tracker4 package

request-tracker4 4.0.1-1ubuntu0.1 source package in Ubuntu

Changelog

request-tracker4 (4.0.1-1ubuntu0.1) oneiric-security; urgency=low

  * Multiple security fixes for:
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash
      exposure and correspondence disclosure to privileged users
      (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure,
      privilege escalation, and arbitrary code execution. Original
      behaviour may be restored by setting $RestrictReferrer to 0 for
      installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP
      functionality (CVE-2011-4458)
  * Add vulnerable-password and clean-user-txns scripts to accompany
    above fixes, and run in postinst
 -- Dominic Hargreaves <email address hidden>   Mon, 07 May 2012 14:16:20 +1000

Upload details

Uploaded by:
Dominic Hargreaves
Sponsored by:
Marc Deslauriers
Uploaded to:
Oneiric
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
misc
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Oneiric: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
request-tracker4_4.0.1.orig-third-party-source.tar.gz 786.4 KiB a117e4486aa25a6d012f8970d17c44692b107746125bf7114bb6530aaa9d3def
request-tracker4_4.0.1.orig.tar.gz 5.6 MiB 3c8d3b081eb1a05ab99d2db661071af7752105ad9ecf06576ae12c0b4130a1f9
request-tracker4_4.0.1-1ubuntu0.1.debian.tar.gz 100.3 KiB 4f07d5912f1db021bc6496896b1b3312a699a14f01615ee90f0bff908e74f24b
request-tracker4_4.0.1-1ubuntu0.1.dsc 2.5 KiB 9ad584023c02fd03b07dd1b23ef4ed29c321f36702268302d38395fd2aa970b1

View changes file

Binary packages built by this source

request-tracker4: No summary available for request-tracker4 in ubuntu oneiric.

No description available for request-tracker4 in ubuntu oneiric.

rt4-apache2: No summary available for rt4-apache2 in ubuntu oneiric.

No description available for rt4-apache2 in ubuntu oneiric.

rt4-clients: No summary available for rt4-clients in ubuntu oneiric.

No description available for rt4-clients in ubuntu oneiric.

rt4-db-mysql: No summary available for rt4-db-mysql in ubuntu oneiric.

No description available for rt4-db-mysql in ubuntu oneiric.

rt4-db-postgresql: No summary available for rt4-db-postgresql in ubuntu oneiric.

No description available for rt4-db-postgresql in ubuntu oneiric.

rt4-db-sqlite: No summary available for rt4-db-sqlite in ubuntu oneiric.

No description available for rt4-db-sqlite in ubuntu oneiric.