request-tracker3.8 3.8.7-1ubuntu2.3 source package in Ubuntu
Changelog
request-tracker3.8 (3.8.7-1ubuntu2.3) lucid-security; urgency=low

  [ Dominic Hargreaves ]
  * Multiple security fixes for:
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash exposure and correspondence disclosure to privileged users (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure, privilege escalation, and arbitrary code execution. Original behaviour may be restored by setting $RestrictReferrer to 0 for installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP functionality (CVE-2011-4458)
  * Fix the vulnerable-passwords script to also upgrade password hashes for disabled users, and rerun the script in postinst (CVE-2011-2082)
  * Include clean-user-txns script to accompany the above fixes, and run in postinst
  * Provide specific instructions for restarting a mod_perl based Apache server

  [ Marc Deslauriers ]
  * debian/patches/81_misc_sec_regressions.dpatch: fix regression in rt-email-dashboards, and whitelist search results and calendar helper from CSRF protection
  * SECURITY UPDATE: Multiple security fixes (LP: #1004834):
    - Email header injection attack (CVE-2012-4730)
    - CSRF protection allows attack on bookmarks (CVE-2012-4732)
    - Confused deputy attack for non-logged-in users (CVE-2012-4734)
    - Multiple message signing/encryption attacks related to GnuPG (CVE-2012-4735)
    - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)

 -- Marc Deslauriers <email address hidden>  Fri, 09 Nov 2012 15:15:40 -0500
Upload details
- Uploaded by: Marc Deslauriers
- Uploaded to: Lucid
- Original maintainer: Ubuntu Developers
- Architectures: all
- Section: misc
- Urgency: Low Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
request-tracker3.8_3.8.7.orig.tar.gz | 3.2 MiB | dacc4392cbb3987a5ac6ba25bfe9b3348cd9b5485d08c448a21aae4d87064f30 |
request-tracker3.8_3.8.7-1ubuntu2.3.diff.gz | 106.7 KiB | 333346ada518cbe702c9d39eb71f61c97c3fb124c7a57699d2d5fc4dfbe36422 |
request-tracker3.8_3.8.7-1ubuntu2.3.dsc | 2.3 KiB | 60deeda4b3d818a4c46a432aef30650c01cec1818a28435596b11b9a476a6ef4 |
Binary packages built by this source
- request-tracker3.8
- rt3.8-apache2
- rt3.8-clients
- rt3.8-db-mysql
- rt3.8-db-postgresql
- rt3.8-db-sqlite