Debian
request-tracker4 package

request-tracker4 4.4.4+dfsg-2+deb11u2 source package in Debian

Changelog

request-tracker4 (4.4.4+dfsg-2+deb11u2) bullseye-security; urgency=medium

  * Apply upstream patch which fixes several security vulnerabilities.
    - A cross-site scripting (XSS) issue when displaying attachment content
      with fraudulent content types. This vulnerability is assigned
      CVE-2022-25802.
    - Not performing full rights checks on access to file or image type
      custom fields, possibly allowing access to these custom fields by
      users without rights to access to the associated objects (like the
      ticket it is associated with).

 -- Andrew Ruthven <email address hidden>  Sun, 03 Jul 2022 20:09:25 +1200

Upload details

Uploaded by:
Debian Request Tracker Group
Uploaded to:
Bullseye
Original maintainer:
Debian Request Tracker Group
Architectures:
all
Section:
misc
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
request-tracker4_4.4.4+dfsg-2+deb11u2.dsc 5.5 KiB d7f0efe42738087c8da7ef4e4d3f9f7ff941f091da447bbcb7b51f67e4ba46fe
request-tracker4_4.4.4+dfsg.orig-third-party-source.tar.gz 3.0 MiB 9f142a07b09cd34c9120fa71b88fab7904bdb475096ac7405766d7ca2ee3505d
request-tracker4_4.4.4+dfsg.orig.tar.gz 9.5 MiB 34c316a4a78d7ee9b95d4391530f9bb3ff3edd99ebbebfac6354ed173e940884
request-tracker4_4.4.4+dfsg-2+deb11u2.debian.tar.xz 86.2 KiB 2de4dbae5072b807f15dcfaf05633431cfc0046fd0e095864475391519965523

No changes file available.

Binary packages built by this source