request-tracker4 4.0.5-3 source package in Debian
Changelog
request-tracker4 (4.0.5-3) unstable; urgency=high
[ Dmitry Smirnov ]
* debian/copyright update
* added missing 'libfcgi-perl' dependency to 'rt4-fcgi'
* debian/rt4-fcgi.init: fixed 'status' function
[ Dominic Hargreaves ]
* Multiple security fixes for:
- XSS vulnerabilities (CVE-2011-2083)
- information disclosure vulnerabilities including password hash
exposure and correspondence disclosure to privileged users
(CVE-2011-2084)
- CSRF vulnerabilities allowing information disclosure,
privilege escalation, and arbitrary code execution. Original
behaviour may be restored by setting $RestrictReferrer to 0 for
installations which rely on it (CVE-2011-2085)
- remote code execution vulnerabilities including in VERP
functionality (CVE-2011-4458)
* Add vulnerable-password and clean-user-txns scripts to accompany
above fixes, and run in postinst
-- Dominic Hargreaves <email address hidden> Sat, 19 May 2012 22:30:27 +0100
Upload details
- Uploaded by:
- Debian Request Tracker Group
- Uploaded to:
- Sid
- Original maintainer:
- Debian Request Tracker Group
- Architectures:
- all
- Section:
- misc
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| request-tracker4_4.0.5-3.dsc | 2.1 KiB | 355255368a34dcb73acb7ddaaa0224140c19b9c04540de581d954d1a625588a1 |
| request-tracker4_4.0.5.orig-third-party-source.tar.gz | 786.4 KiB | 4b623ccf47c37238e77284251d8d092a0394d9d5c55572de08b39175c7ee581d |
| request-tracker4_4.0.5.orig.tar.gz | 5.6 MiB | 280daadff11595fe4baa4f55544cedd26ada560b421c165bba45340fd6eaddb0 |
| request-tracker4_4.0.5-3.debian.tar.gz | 104.9 KiB | 3bbacdacd69c558421e67c3f1431d00748b3a2e3e2f3f58d83961d0b6564b0bb |
Available diffs
- diff from 4.0.5-2 to 4.0.5-3 (44.2 KiB)
No changes file available.
