request-tracker4 4.4.3-2+deb10u2 source package in Debian
Changelog
request-tracker4 (4.4.3-2+deb10u2) buster-security; urgency=medium * Apply upstream patch which fixes several security vulnerabilities. - A cross-site scripting (XSS) issue when displaying attachment content with fraudulent content types. This vulnerability is assigned CVE-2022-25802. - Not performing full rights checks on access to file or image type custom fields, possibly allowing access to these custom fields by users without rights to access to the associated objects (like the ticket it is associated with). -- Andrew Ruthven <email address hidden> Sun, 03 Jul 2022 20:09:25 +1200
Upload details
- Uploaded by:
- Debian Request Tracker Group
- Uploaded to:
- Buster
- Original maintainer:
- Debian Request Tracker Group
- Architectures:
- all
- Section:
- misc
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Buster | release | main | misc |
Builds
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
request-tracker4_4.4.3-2+deb10u2.dsc | 5.4 KiB | e44ad0eed32d79f0a677f46b7fcc8b1c2ccb7e31ce33ad35c437569df3bab0c3 |
request-tracker4_4.4.3.orig-third-party-source.tar.gz | 1.1 MiB | e429e3319881fed1fe4aa53bf3384a34ee1eb5c60a71f908dbdabd662813b8fc |
request-tracker4_4.4.3.orig.tar.gz | 9.1 MiB | 738ab43cac902420b3525459e288515d51130d85810659f6c8a7e223c77dadb1 |
request-tracker4_4.4.3-2+deb10u2.debian.tar.xz | 78.5 KiB | 1c2aaa61c45e8bfce83a32853a04fe0df68858243e0832dfa439cd8b58de3ada |
No changes file available.