request-tracker4 (4.4.7+dfsg-1) unstable; urgency=high
* New upstream release (Closes: #986707, #1054516).
- [CVE-2023-41259] Vulnerablility to unvalidated email headers in
incoming email and the mail-gateway REST interface.
- [CVE-2023-41260] Information leakage via response messages returned
from requests sent via the mail-gateway REST interface.
* Drop patches no longer needed:
- Update-tests-for-EN-datetime-locale-change-to-space.diff
- fix_expired_certs.dif
* Drop patches merged upstream:
- fcgi_client_sigpipe.diff
- libdatetime-format-natural-perl-v0.14.diff
* Set Multi-Arch: foreign for rt4-doc-html .
* Drop patch no_testdeps.diff now that we skip the Mozilla::CA check.
* Add autopkgtests.
* Include ::1 ACL for nginx config.
-- Andrew Ruthven <email address hidden> Sun, 29 Oct 2023 22:36:22 +1300