request-tracker4 4.0.1-1ubuntu0.1 source package in Ubuntu
Changelog
request-tracker4 (4.0.1-1ubuntu0.1) oneiric-security; urgency=low * Multiple security fixes for: - XSS vulnerabilities (CVE-2011-2083) - information disclosure vulnerabilities including password hash exposure and correspondence disclosure to privileged users (CVE-2011-2084) - CSRF vulnerabilities allowing information disclosure, privilege escalation, and arbitrary code execution. Original behaviour may be restored by setting $RestrictReferrer to 0 for installations which rely on it (CVE-2011-2085) - remote code execution vulnerabilities including in VERP functionality (CVE-2011-4458) * Add vulnerable-password and clean-user-txns scripts to accompany above fixes, and run in postinst -- Dominic Hargreaves <email address hidden> Mon, 07 May 2012 14:16:20 +1000
Upload details
- Uploaded by:
- Dominic Hargreaves
- Sponsored by:
- Marc Deslauriers
- Uploaded to:
- Oneiric
- Original maintainer:
- Ubuntu Developers
- Architectures:
- all
- Section:
- misc
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
request-tracker4_4.0.1.orig-third-party-source.tar.gz | 786.4 KiB | a117e4486aa25a6d012f8970d17c44692b107746125bf7114bb6530aaa9d3def |
request-tracker4_4.0.1.orig.tar.gz | 5.6 MiB | 3c8d3b081eb1a05ab99d2db661071af7752105ad9ecf06576ae12c0b4130a1f9 |
request-tracker4_4.0.1-1ubuntu0.1.debian.tar.gz | 100.3 KiB | 4f07d5912f1db021bc6496896b1b3312a699a14f01615ee90f0bff908e74f24b |
request-tracker4_4.0.1-1ubuntu0.1.dsc | 2.5 KiB | 9ad584023c02fd03b07dd1b23ef4ed29c321f36702268302d38395fd2aa970b1 |
Available diffs
Binary packages built by this source
- request-tracker4: No summary available for request-tracker4 in ubuntu oneiric.
No description available for request-tracker4 in ubuntu oneiric.
- rt4-apache2: No summary available for rt4-apache2 in ubuntu oneiric.
No description available for rt4-apache2 in ubuntu oneiric.
- rt4-clients: No summary available for rt4-clients in ubuntu oneiric.
No description available for rt4-clients in ubuntu oneiric.
- rt4-db-mysql: No summary available for rt4-db-mysql in ubuntu oneiric.
No description available for rt4-db-mysql in ubuntu oneiric.
- rt4-db-postgresql: No summary available for rt4-db-postgresql in ubuntu oneiric.
No description available for rt4-db-postgresql in ubuntu oneiric.
- rt4-db-sqlite: No summary available for rt4-db-sqlite in ubuntu oneiric.
No description available for rt4-db-sqlite in ubuntu oneiric.