Format: 1.8 Date: Mon, 04 Jun 2012 14:17:58 +0100 Source: request-tracker4 Binary: request-tracker4 rt4-clients rt4-apache2 rt4-db-postgresql rt4-db-mysql rt4-db-sqlite Architecture: all Version: 4.0.4-2ubuntu0.1 Distribution: precise Urgency: low Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Dominic Hargreaves Description: request-tracker4 - extensible trouble-ticket tracking system rt4-apache2 - Apache 2 specific files for request-tracker4 rt4-clients - mail gateway and command-line interface to request-tracker4 rt4-db-mysql - MySQL database backend for request-tracker4 rt4-db-postgresql - PostgreSQL database backend for request-tracker4 rt4-db-sqlite - SQLite database backend for request-tracker4 Changes: request-tracker4 (4.0.4-2ubuntu0.1) precise-security; urgency=low . * Multiple security fixes for: - XSS vulnerabilities (CVE-2011-2083) - information disclosure vulnerabilities including password hash exposure and correspondence disclosure to privileged users (CVE-2011-2084) - CSRF vulnerabilities allowing information disclosure, privilege escalation, and arbitrary code execution. Original behaviour may be restored by setting $RestrictReferrer to 0 for installations which rely on it (CVE-2011-2085) - remote code execution vulnerabilities including in VERP functionality (CVE-2011-4458) * Add vulnerable-password and clean-user-txns scripts to accompany above fixes, and run in postinst Checksums-Sha1: 045ccba4225a1553de6ffc64847c20f199b83fae 3904590 request-tracker4_4.0.4-2ubuntu0.1_all.deb ecefc27e8027d64a8e506c84c4472b881bbc1c54 44600 rt4-clients_4.0.4-2ubuntu0.1_all.deb 02a869cd65a4127b163a49bfa6b1301f1c562ef3 7652 rt4-apache2_4.0.4-2ubuntu0.1_all.deb b6a1692ccecb9ca95d7e657571d7793c80d2d11b 6936 rt4-db-postgresql_4.0.4-2ubuntu0.1_all.deb c2eb927883d3c4124a83204b0d65ae2d6b7eea6a 6936 rt4-db-mysql_4.0.4-2ubuntu0.1_all.deb c728282b49a788560f384dcb42dd0ccd57127fb9 7036 rt4-db-sqlite_4.0.4-2ubuntu0.1_all.deb Checksums-Sha256: 19272bce60cf41249e5421c1fc471284921ce1d904929fffe8976f31d3a7bf3a 3904590 request-tracker4_4.0.4-2ubuntu0.1_all.deb 57925b406258c36788237f1cce383fe6782644ff75af3e97900174ce9eedaea6 44600 rt4-clients_4.0.4-2ubuntu0.1_all.deb ead096531398094656a92c0fa4a460063d3ab0575ba1812ab1cd76ff95daec19 7652 rt4-apache2_4.0.4-2ubuntu0.1_all.deb 60369c1d65451ee24b37744886a9758a8d3b144d9e6e7089560d3fd38f3bc382 6936 rt4-db-postgresql_4.0.4-2ubuntu0.1_all.deb c65e193755348f4da700a15b9f952f3986126d05de9be415f896abc799158481 6936 rt4-db-mysql_4.0.4-2ubuntu0.1_all.deb c939d1563b1932d249ecc7c2a9a5a7e44c4ced19296adc9781a38a93d9ddc011 7036 rt4-db-sqlite_4.0.4-2ubuntu0.1_all.deb Files: 5f4fec7315a938db4543d5f42a4969c0 3904590 misc optional request-tracker4_4.0.4-2ubuntu0.1_all.deb 8a7f8bd88b073a70decf2539df755372 44600 misc optional rt4-clients_4.0.4-2ubuntu0.1_all.deb 0a3c6e556ea6333127420218576ac40a 7652 misc optional rt4-apache2_4.0.4-2ubuntu0.1_all.deb e078cbd4cf50330ce9cea3fd988665ac 6936 misc optional rt4-db-postgresql_4.0.4-2ubuntu0.1_all.deb 86282997277e643bb5a95365980c9592 6936 misc optional rt4-db-mysql_4.0.4-2ubuntu0.1_all.deb 8c3a997c5d9b3febe80d3e8c394f0820 7036 misc optional rt4-db-sqlite_4.0.4-2ubuntu0.1_all.deb Original-Maintainer: Debian Request Tracker Group