request-tracker4 4.0.12-2 source package in Debian
Changelog
request-tracker4 (4.0.12-2) unstable; urgency=high
* Multiple security fixes for:
- Privileged user escalation (CVE-2012-4733)
- Semi-predictable temporary file names (CVE-2013-3368)
- Arbitrary Mason component execution (CVE-2013-3369)
- Direct execution of private callback components (CVE-2013-3370)
- XSS via attachment filenames and URLs in messages (CVE-2013-3371)
- XSS via Content-Disposition header (CVE-2013-3372)
- MIME header injection (CVE-2013-3373)
- Limited session reuse when using Apache::Session::File (CVE-2013-3374)
* Include database upgrade (dbconfig-common and NEWS)
-- Dominic Hargreaves <email address hidden> Wed, 22 May 2013 18:53:16 +0100
Upload details
- Uploaded by:
- Debian Request Tracker Group
- Uploaded to:
- Sid
- Original maintainer:
- Debian Request Tracker Group
- Architectures:
- all
- Section:
- misc
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| request-tracker4_4.0.12-2.dsc | 4.4 KiB | 96bcc67f06e6bed264ce15880642bfa91b6084b3d54787a481282f4826d9276e |
| request-tracker4_4.0.12.orig-third-party-source.tar.gz | 1.1 MiB | 31410ac58ac8e9368b2e04038d63607ed7e3943fd3e48749a4c80a3a9a11d439 |
| request-tracker4_4.0.12.orig.tar.gz | 6.6 MiB | ce246da3c5f03144d3070a2419ccc0756496501f143f343b52b96cb2adec09da |
| request-tracker4_4.0.12-2.debian.tar.gz | 84.2 KiB | cde9e00e07e152db26decf69b682baa3a955374073bb429febbe32c1fe5f582c |
Available diffs
- diff from 4.0.12-1 to 4.0.12-2 (8.8 KiB)
No changes file available.
