-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 19 May 2012 22:30:27 +0100
Source: request-tracker4
Binary: request-tracker4 rt4-clients rt4-fcgi rt4-apache2 rt4-db-postgresql
rt4-db-mysql rt4-db-sqlite
Architecture: source all
Version: 4.0.5-3
Distribution: unstable
Urgency: high
Maintainer: Debian Request Tracker Group
<pkg-request-tracker-maintain...@lists.alioth.debian.org>
Changed-By: Dominic Hargreaves <d...@earth.li>
Description:
request-tracker4 - extensible trouble-ticket tracking system
rt4-apache2 - Apache 2 specific files for request-tracker4
rt4-clients - mail gateway and command-line interface to request-tracker4
rt4-db-mysql - MySQL database backend for request-tracker4
rt4-db-postgresql - PostgreSQL database backend for request-tracker4
rt4-db-sqlite - SQLite database backend for request-tracker4
rt4-fcgi - External FastCGI support for request-tracker4
Changes:
request-tracker4 (4.0.5-3) unstable; urgency=high
.
[ Dmitry Smirnov ]
* debian/copyright update
* added missing 'libfcgi-perl' dependency to 'rt4-fcgi'
* debian/rt4-fcgi.init: fixed 'status' function
.
[ Dominic Hargreaves ]
* Multiple security fixes for:
- XSS vulnerabilities (CVE-2011-2083)
- information disclosure vulnerabilities including password hash
exposure and correspondence disclosure to privileged users
(CVE-2011-2084)
- CSRF vulnerabilities allowing information disclosure,
privilege escalation, and arbitrary code execution. Original
behaviour may be restored by setting $RestrictReferrer to 0 for
installations which rely on it (CVE-2011-2085)
- remote code execution vulnerabilities including in VERP
functionality (CVE-2011-4458)
* Add vulnerable-password and clean-user-txns scripts to accompany
above fixes, and run in postinst
Checksums-Sha1:
42859bf7f52adffbf9304f4fc4b8d1b2266ba968 2115 request-tracker4_4.0.5-3.dsc
b64d8601bf2ad1f669c082c4bf5386c95424e551 107459
request-tracker4_4.0.5-3.debian.tar.gz
ba0820dd9dbd58fc6626ab3188b45bd6e9b3060e 3954406
request-tracker4_4.0.5-3_all.deb
6387c5f6db947a84f1afa5af2193c9ba22653f95 45904 rt4-clients_4.0.5-3_all.deb
d5a6f124e7311a5b4927cc4ea4e3b4e30d88cecc 9052 rt4-fcgi_4.0.5-3_all.deb
573b5573ac77f9f3d05084c1a24c07fccbb69690 7948 rt4-apache2_4.0.5-3_all.deb
2519b413e5dd8f4c5bbcd32a7cd0efadabb6cd2c 7220 rt4-db-postgresql_4.0.5-3_all.deb
fc50eea9017b8e87cf0228bf1bc425989b7b2973 7218 rt4-db-mysql_4.0.5-3_all.deb
5800692a4e5af102482dbb6069ffc847090e8cac 7318 rt4-db-sqlite_4.0.5-3_all.deb
Checksums-Sha256:
355255368a34dcb73acb7ddaaa0224140c19b9c04540de581d954d1a625588a1 2115
request-tracker4_4.0.5-3.dsc
3bbacdacd69c558421e67c3f1431d00748b3a2e3e2f3f58d83961d0b6564b0bb 107459
request-tracker4_4.0.5-3.debian.tar.gz
495c8a3c797705ef661a3d1599deba51a2edceb5b2c1cd6e5fef77af5a2056a0 3954406
request-tracker4_4.0.5-3_all.deb
f74ae81dbefee6cde0091c101365868559ccfbaf92a9ac0e48013bba04175843 45904
rt4-clients_4.0.5-3_all.deb
a0e664a6310127d7eb9b51b1e09395171346cbbe28f1eebe7de9579c0f4885d1 9052
rt4-fcgi_4.0.5-3_all.deb
c314afd7cc98c96cf34bd570556c95f99e6257dcdb6dcef46bae9a9be5b0be08 7948
rt4-apache2_4.0.5-3_all.deb
d4ca01ab755d641b1dbb74caf42f700862280bd1254a72c61adf1687f6d41e7b 7220
rt4-db-postgresql_4.0.5-3_all.deb
ec4677c38f17429d3b4c88379a304186de4edc0d2b28556cc1497cacc6d6732a 7218
rt4-db-mysql_4.0.5-3_all.deb
97acda9077b376df81b3ea3353391f143a3592a81542f6cd75871a93fb8096ab 7318
rt4-db-sqlite_4.0.5-3_all.deb
Files:
363f156d3691a67658dc0d57e7a86e8c 2115 misc optional
request-tracker4_4.0.5-3.dsc
94f01816b9742151a9b3436942957439 107459 misc optional
request-tracker4_4.0.5-3.debian.tar.gz
be868b4b9e888de92cd1d3680597239d 3954406 misc optional
request-tracker4_4.0.5-3_all.deb
3eb6de9ad1488a37c7dc066a6534ea8d 45904 misc optional
rt4-clients_4.0.5-3_all.deb
c3dfd45cd87366941d694d3ef898145a 9052 misc optional rt4-fcgi_4.0.5-3_all.deb
a38c7f4c934ed647d465fcad981002ba 7948 misc optional rt4-apache2_4.0.5-3_all.deb
675459a52cae7f532a0e213489bb02bc 7220 misc optional
rt4-db-postgresql_4.0.5-3_all.deb
9b5ba068bcb6be2e266b104695fb8fad 7218 misc optional
rt4-db-mysql_4.0.5-3_all.deb
4238a3cf0947ee8d189cf4f82f5b8821 7318 misc optional
rt4-db-sqlite_4.0.5-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFPvJctYzuFKFF44qURAiryAKCNNtuzw1yl9PcFupTsOXopuWFsbwCfW8CC
Acnn6fs7nn4FZSzmBsyV0LA=
=JtdF
-----END PGP SIGNATURE-----
Accepted:
request-tracker4_4.0.5-3.debian.tar.gz
to main/r/request-tracker4/request-tracker4_4.0.5-3.debian.tar.gz
request-tracker4_4.0.5-3.dsc
to main/r/request-tracker4/request-tracker4_4.0.5-3.dsc
request-tracker4_4.0.5-3_all.deb
to main/r/request-tracker4/request-tracker4_4.0.5-3_all.deb
rt4-apache2_4.0.5-3_all.deb
to main/r/request-tracker4/rt4-apache2_4.0.5-3_all.deb
rt4-clients_4.0.5-3_all.deb
to main/r/request-tracker4/rt4-clients_4.0.5-3_all.deb
rt4-db-mysql_4.0.5-3_all.deb
to main/r/request-tracker4/rt4-db-mysql_4.0.5-3_all.deb
rt4-db-postgresql_4.0.5-3_all.deb
to main/r/request-tracker4/rt4-db-postgresql_4.0.5-3_all.deb
rt4-db-sqlite_4.0.5-3_all.deb
to main/r/request-tracker4/rt4-db-sqlite_4.0.5-3_all.deb
rt4-fcgi_4.0.5-3_all.deb
to main/r/request-tracker4/rt4-fcgi_4.0.5-3_all.deb
--
To UNSUBSCRIBE, email to debian-devel-changes-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e1sx7ed-0000b5...@franck.debian.org
