request-tracker4 4.0.12-2 source package in Debian

Changelog

request-tracker4 (4.0.12-2) unstable; urgency=high


  * Multiple security fixes for:
    - Privileged user escalation (CVE-2012-4733)
    - Semi-predictable temporary file names (CVE-2013-3368)
    - Arbitrary Mason component execution (CVE-2013-3369)
    - Direct execution of private callback components (CVE-2013-3370)
    - XSS via attachment filenames and URLs in messages (CVE-2013-3371)
    - XSS via Content-Disposition header (CVE-2013-3372)
    - MIME header injection (CVE-2013-3373)
    - Limited session reuse when using Apache::Session::File (CVE-2013-3374)
  * Include database upgrade (dbconfig-common and NEWS)

 -- Dominic Hargreaves <email address hidden>  Wed, 22 May 2013 18:53:16 +0100

Upload details

Uploaded by:
Debian Request Tracker Group
Uploaded to:
Sid
Original maintainer:
Debian Request Tracker Group
Architectures:
all
Section:
misc
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
request-tracker4_4.0.12-2.dsc 4.4 KiB 96bcc67f06e6bed264ce15880642bfa91b6084b3d54787a481282f4826d9276e
request-tracker4_4.0.12.orig-third-party-source.tar.gz 1.1 MiB 31410ac58ac8e9368b2e04038d63607ed7e3943fd3e48749a4c80a3a9a11d439
request-tracker4_4.0.12.orig.tar.gz 6.6 MiB ce246da3c5f03144d3070a2419ccc0756496501f143f343b52b96cb2adec09da
request-tracker4_4.0.12-2.debian.tar.gz 84.2 KiB cde9e00e07e152db26decf69b682baa3a955374073bb429febbe32c1fe5f582c

Available diffs

No changes file available.

Binary packages built by this source