Accepted request-tracker4 4.0.7-5+deb7u2~bpo60+1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 23 May 2013 00:54:36 +0100
Source: request-tracker4
Binary: request-tracker4 rt4-clients rt4-fcgi rt4-apache2 rt4-db-postgresql rt4-db-mysql rt4-db-sqlite
Architecture: source all
Version: 4.0.7-5+deb7u2~bpo60+1
Distribution: squeeze-backports
Urgency: high
Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Description:
request-tracker4 - extensible trouble-ticket tracking system
rt4-apache2 - Apache 2 specific files for request-tracker4
rt4-clients - mail gateway and command-line interface to request-tracker4
rt4-db-mysql - MySQL database backend for request-tracker4
rt4-db-postgresql - PostgreSQL database backend for request-tracker4
rt4-db-sqlite - SQLite database backend for request-tracker4
rt4-fcgi - External FastCGI support for request-tracker4
Changes:
request-tracker4 (4.0.7-5+deb7u2~bpo60+1) squeeze-backports; urgency=high
.
* Rebuild for squeeze-backports.
* Drop versioned depends on liburi-perl as it's not available in
squeeze (and libplack-perl in bpo depends on an earlier version);
this means that upstream #18104 (missing tickets in dashboard emails)
is still unfixed
* Drop versioned depends on libipc-run-perl as it's not available in
at the required version in squeeze-bpo; this means that upstream #19802
(drawing graphs of relationships with UTF-8 strings) is still unfixed
.
request-tracker4 (4.0.7-5+deb7u2) wheezy-security; urgency=high
.
* Correct dbconfig upgrade script versioning
* Add logging fix for previous security fix patchset
.
request-tracker4 (4.0.7-5+deb7u1) wheezy-security; urgency=high
.
* Multiple security fixes for:
- Privileged user escalation (CVE-2012-4733)
- Semi-predictable temporary file names (CVE-2013-3368)
- Arbitrary Mason component execution (CVE-2013-3369)
- Direct execution of private callback components (CVE-2013-3370)
- XSS via attachment filenames and URLs in messages (CVE-2013-3371)
- XSS via Content-Disposition header (CVE-2013-3372)
- MIME header injection (CVE-2013-3373)
- Limited session reuse when using Apache::Session::File (CVE-2013-3374)
* Include database upgrade (dbconfig-common and NEWS)
Checksums-Sha1:
43cbe344c241d5f67df7b72c3a98c0f29cbe9578 1929 request-tracker4_4.0.7-5+deb7u2~bpo60+1.dsc
e82a586972ee0922ff4e7cade3e1154cec599f92 88393 request-tracker4_4.0.7-5+deb7u2~bpo60+1.debian.tar.gz
de53bb9c3388995eb76b68854537c4a0cb803742 3957656 request-tracker4_4.0.7-5+deb7u2~bpo60+1_all.deb
3387e9a0580f3cb2619e9001560104a4fe226f92 47838 rt4-clients_4.0.7-5+deb7u2~bpo60+1_all.deb
bcde97a55bbe3990e77f61cf738fc98a7a2b8f8f 11760 rt4-fcgi_4.0.7-5+deb7u2~bpo60+1_all.deb
5fadef9dcc907df6eb6b84bfb36c07d37d0cf308 10680 rt4-apache2_4.0.7-5+deb7u2~bpo60+1_all.deb
e8a00bc5eacdd52b3e84319ced9cd180b808b761 9828 rt4-db-postgresql_4.0.7-5+deb7u2~bpo60+1_all.deb
040ef2e80a334f62dd63990a071f735c0ee3a002 9830 rt4-db-mysql_4.0.7-5+deb7u2~bpo60+1_all.deb
71cfa15d3d9b4e339a3f51c71e2171eafad5b4ef 9930 rt4-db-sqlite_4.0.7-5+deb7u2~bpo60+1_all.deb
Checksums-Sha256:
4c7439359904a7b059fda19571233d6a04573564ab24b09fa495c7733cc38923 1929 request-tracker4_4.0.7-5+deb7u2~bpo60+1.dsc
0b2e204b9bda479f18323700518fde88df98a48eb29534d3cc9a682dca52df2e 88393 request-tracker4_4.0.7-5+deb7u2~bpo60+1.debian.tar.gz
21589f176f84ec62978acc464cfda2f6c58c86b27d22ea6ec8bec2c8225365fa 3957656 request-tracker4_4.0.7-5+deb7u2~bpo60+1_all.deb
36f3a99f5e65745c334a45dd8ff09403073da31b5bfc1ad5b30597aeda2b9316 47838 rt4-clients_4.0.7-5+deb7u2~bpo60+1_all.deb
04c28ca962320b2575a4585c7287b9ac1fe9bdfa589c9633d49a68e7907298db 11760 rt4-fcgi_4.0.7-5+deb7u2~bpo60+1_all.deb
4d2c40cb5073beb55ed6c81f21aa7c4ae4346560974eba42ae4e76845067e5b1 10680 rt4-apache2_4.0.7-5+deb7u2~bpo60+1_all.deb
1918ea2f492d4456fcb2ecd278ed33c17d517f9e1245c72cdf960ee700a2a6a1 9828 rt4-db-postgresql_4.0.7-5+deb7u2~bpo60+1_all.deb
a5572698ccfe32594c3fb9d905c7d55146bf2c86db025314ed10807bf8d8a773 9830 rt4-db-mysql_4.0.7-5+deb7u2~bpo60+1_all.deb
dbfeca93702119038941be04265f0e4d37337d7e478537383c7b599017b6ce8f 9930 rt4-db-sqlite_4.0.7-5+deb7u2~bpo60+1_all.deb
Files:
5aa4d68e242d6eb5de28170c55ebef49 1929 misc optional request-tracker4_4.0.7-5+deb7u2~bpo60+1.dsc
bb31fd647d05353ad13ccbbc2011f1e4 88393 misc optional request-tracker4_4.0.7-5+deb7u2~bpo60+1.debian.tar.gz
405d87016d0c87f8c9c53fb0834c8a7c 3957656 misc optional request-tracker4_4.0.7-5+deb7u2~bpo60+1_all.deb
970261554a6ab92947c02425840ff38d 47838 misc optional rt4-clients_4.0.7-5+deb7u2~bpo60+1_all.deb
f2baaf7db4c7124a6fcd1dfdb8f7be34 11760 misc optional rt4-fcgi_4.0.7-5+deb7u2~bpo60+1_all.deb
57a5e758e391dae74ced59114795d15e 10680 misc optional rt4-apache2_4.0.7-5+deb7u2~bpo60+1_all.deb
894aa99fba27b350888c8ea3823b92a1 9828 misc optional rt4-db-postgresql_4.0.7-5+deb7u2~bpo60+1_all.deb
3f512240b0f15d975f811fef7b572599 9830 misc optional rt4-db-mysql_4.0.7-5+deb7u2~bpo60+1_all.deb
19aadecb525554965abfa98bd93948ca 9930 misc optional rt4-db-sqlite_4.0.7-5+deb7u2~bpo60+1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFRnVzeYzuFKFF44qURAtvnAJ9sSCQAFikY7lZ7s+F985pPFfOxAQCgpgPX
pXYHloTiU42M9ArCBxPDOrw=
=J7St
-----END PGP SIGNATURE-----
xPDOrw=
=J7St
-----END PGP SIGNATURE-----
Reply to: