request-tracker4 4.0.5-3 source package in Ubuntu
Changelog
request-tracker4 (4.0.5-3) unstable; urgency=high [ Dmitry Smirnov ] * debian/copyright update * added missing 'libfcgi-perl' dependency to 'rt4-fcgi' * debian/rt4-fcgi.init: fixed 'status' function [ Dominic Hargreaves ] * Multiple security fixes for: - XSS vulnerabilities (CVE-2011-2083) - information disclosure vulnerabilities including password hash exposure and correspondence disclosure to privileged users (CVE-2011-2084) - CSRF vulnerabilities allowing information disclosure, privilege escalation, and arbitrary code execution. Original behaviour may be restored by setting $RestrictReferrer to 0 for installations which rely on it (CVE-2011-2085) - remote code execution vulnerabilities including in VERP functionality (CVE-2011-4458) * Add vulnerable-password and clean-user-txns scripts to accompany above fixes, and run in postinst -- Dominic Hargreaves <email address hidden> Sat, 19 May 2012 22:30:27 +0100
Upload details
- Uploaded by:
- Debian Request Tracker Group
- Uploaded to:
- Sid
- Original maintainer:
- Debian Request Tracker Group
- Architectures:
- all
- Section:
- misc
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
request-tracker4_4.0.5-3.dsc | 2.1 KiB | 355255368a34dcb73acb7ddaaa0224140c19b9c04540de581d954d1a625588a1 |
request-tracker4_4.0.5.orig-third-party-source.tar.gz | 786.4 KiB | 4b623ccf47c37238e77284251d8d092a0394d9d5c55572de08b39175c7ee581d |
request-tracker4_4.0.5.orig.tar.gz | 5.6 MiB | 280daadff11595fe4baa4f55544cedd26ada560b421c165bba45340fd6eaddb0 |
request-tracker4_4.0.5-3.debian.tar.gz | 104.9 KiB | 3bbacdacd69c558421e67c3f1431d00748b3a2e3e2f3f58d83961d0b6564b0bb |
Available diffs
- diff from 4.0.5-2 to 4.0.5-3 (44.2 KiB)
No changes file available.
Binary packages built by this source
- request-tracker4: No summary available for request-tracker4 in ubuntu quantal.
No description available for request-tracker4 in ubuntu quantal.
- rt4-apache2: No summary available for rt4-apache2 in ubuntu quantal.
No description available for rt4-apache2 in ubuntu quantal.
- rt4-clients: No summary available for rt4-clients in ubuntu quantal.
No description available for rt4-clients in ubuntu quantal.
- rt4-db-mysql: No summary available for rt4-db-mysql in ubuntu quantal.
No description available for rt4-db-mysql in ubuntu quantal.
- rt4-db-postgresql: No summary available for rt4-db-postgresql in ubuntu quantal.
No description available for rt4-db-postgresql in ubuntu quantal.
- rt4-db-sqlite: No summary available for rt4-db-sqlite in ubuntu quantal.
No description available for rt4-db-sqlite in ubuntu quantal.
- rt4-fcgi: No summary available for rt4-fcgi in ubuntu quantal.
No description available for rt4-fcgi in ubuntu quantal.