-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4349-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz October 26, 2025 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : request-tracker4 Version : 4.4.4+dfsg-2+deb11u5 CVE ID : CVE-2025-61873 It was discovered that Request Tracker, an extensible trouble-ticket tracking system, is prone to a CSV injection via ticket values with special characters that are exported to a TSV from search results. For Debian 11 bullseye, this problem has been fixed in version 4.4.4+dfsg-2+deb11u5. We recommend that you upgrade your request-tracker4 packages. For the detailed security status of request-tracker4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/request-tracker4 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmj+DDNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEfGrQ//VdIaSrl6vB2alpF3GwNzbsOpIQH89ol5OA/3UEaF9LZl1YHJ4AUVy0Qo dZMPzkx5/8PhQt8d0vB3oHVcnmJBBw53bxHX7B11r8MvUeW2L55YDtXQor7l0xVd 2Cu+cWV8/6ClfarEf/v0yRv0D7sNXZqI0HwXk4TxIqtEmj3Vw8gaGwr1KYHoohFJ surwiSewl93ZvDlhkhYE0PEq/1Mwfq5Flm/o4JmK53m5NzngK85YTyoPkWzSJ+DW Fiiwtouumjyxrp4UH4MaftMDbETU339H+aW0qiGWjKeWZMB2xW0sfmPuRqopd9BI ED4mOdCz10XUK8k4ymRnzwIUX3c4LXbB2HDP9jLTj5ugJre81v8RIJBh2ZgveTsz yXcpZd+stIx9rsKupLBBZz7XY/fi/0pipllm56y9cR2bdf5rAUTnkWU/RTmR5o7x H5riSwxeyClRjS7SjNwtBfwI3ejl6PqT2yAtR4dpd/HmH4wI9VsfoZoEcvuy/d/g DS1ts2mIAfmSHUQC93iyMvbsY0G1bkdOrqwC5LBOY7DTQ7k3LY2q2B9LUQ5kmXzn zLq9XAcreQ4TL67YmpxrzLY/wiVnwmBUU5IXJ6ERF48AT+uZ0TvMAbsZeanw4l4D NgCXh3py70ECXD/lKjeb+g8Uz19B4OxZQ832U3OaTghSdnHZi30= =uZpk -----END PGP SIGNATURE-----
