request-tracker4 4.4.3-2+deb10u2 source package in Debian
Changelog
request-tracker4 (4.4.3-2+deb10u2) buster-security; urgency=medium
* Apply upstream patch which fixes several security vulnerabilities.
- A cross-site scripting (XSS) issue when displaying attachment content
with fraudulent content types. This vulnerability is assigned
CVE-2022-25802.
- Not performing full rights checks on access to file or image type
custom fields, possibly allowing access to these custom fields by
users without rights to access to the associated objects (like the
ticket it is associated with).
-- Andrew Ruthven <email address hidden> Sun, 03 Jul 2022 20:09:25 +1200
Upload details
- Uploaded by:
- Debian Request Tracker Group
- Uploaded to:
- Buster
- Original maintainer:
- Debian Request Tracker Group
- Architectures:
- all
- Section:
- misc
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Buster | release | main | misc |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| request-tracker4_4.4.3-2+deb10u2.dsc | 5.4 KiB | e44ad0eed32d79f0a677f46b7fcc8b1c2ccb7e31ce33ad35c437569df3bab0c3 |
| request-tracker4_4.4.3.orig-third-party-source.tar.gz | 1.1 MiB | e429e3319881fed1fe4aa53bf3384a34ee1eb5c60a71f908dbdabd662813b8fc |
| request-tracker4_4.4.3.orig.tar.gz | 9.1 MiB | 738ab43cac902420b3525459e288515d51130d85810659f6c8a7e223c77dadb1 |
| request-tracker4_4.4.3-2+deb10u2.debian.tar.xz | 78.5 KiB | 1c2aaa61c45e8bfce83a32853a04fe0df68858243e0832dfa439cd8b58de3ada |
No changes file available.
