Accepted request-tracker3.8 3.8.8-7+squeeze1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 14 Apr 2011 08:55:14 +0100
Source: request-tracker3.8
Binary: request-tracker3.8 rt3.8-clients rt3.8-apache2 rt3.8-db-postgresql rt3.8-db-mysql rt3.8-db-sqlite
Architecture: source all
Version: 3.8.8-7+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Description:
request-tracker3.8 - extensible trouble-ticket tracking system
rt3.8-apache2 - Apache 2 specific files for request-tracker3.8
rt3.8-clients - mail gateway and command-line interface to request-tracker3.8
rt3.8-db-mysql - MySQL database backend for request-tracker3.8
rt3.8-db-postgresql - PostgreSQL database backend for request-tracker3.8
rt3.8-db-sqlite - SQLite database backend for request-tracker3.8
Closes: 614576
Changes:
request-tracker3.8 (3.8.8-7+squeeze1) stable-security; urgency=high
.
* Security fix: fix information leakage in scrips (Closes: 614576;
CVE-2011-1008)
* Multiple security fixes for:
- Remote code execution in external custom fields (CVE-2011-1685)
- Information disclosure via SQL injection (CVE-2011-1686)
- Information disclosure via search interface (CVE-2011-1687)
- Information disclosure via directory traversal (CVE-2011-1688)
- User javascript execution via XSS vulnerability (CVE-2011-1689)
- Authentication credentials theft (CVE-2011-1690)
Checksums-Sha1:
ad823570406581796e6312f1016d188225057778 1632 request-tracker3.8_3.8.8-7+squeeze1.dsc
be3ac598dcbf584f9bcd9a49248a9ccd3affb330 5109734 request-tracker3.8_3.8.8.orig.tar.gz
442bc7dfd8a46e1b034ae41a8505f17036183080 83370 request-tracker3.8_3.8.8-7+squeeze1.diff.gz
144014473a8f3b1b224e7950a4186aa561b9dfb4 4656416 request-tracker3.8_3.8.8-7+squeeze1_all.deb
267277fd65f83e2e8567d2616cb387e01f714eae 47020 rt3.8-clients_3.8.8-7+squeeze1_all.deb
0608364eb70e163515c3921f1f42aabbeac461d3 12450 rt3.8-apache2_3.8.8-7+squeeze1_all.deb
06041598f589105a3bbe03bade37470256e0230d 11134 rt3.8-db-postgresql_3.8.8-7+squeeze1_all.deb
5e3aea667516da514a9a90501073e98d93aafa79 11134 rt3.8-db-mysql_3.8.8-7+squeeze1_all.deb
b8222869f3a915fbe5f49c9a473f0b59d207ae1f 11226 rt3.8-db-sqlite_3.8.8-7+squeeze1_all.deb
Checksums-Sha256:
b5d3cfa8409b2c66df4f434705ab99af9e31c20684ea75b77dd14e5be1d0130a 1632 request-tracker3.8_3.8.8-7+squeeze1.dsc
d3932febc5b3fa1da1168713f305a095ea6b40dd22d508849471e6637ba04c02 5109734 request-tracker3.8_3.8.8.orig.tar.gz
f3713dc51a6dbb0e5a445626a462efdd29c4850fd1a7ced46d07fa4a8a53df8a 83370 request-tracker3.8_3.8.8-7+squeeze1.diff.gz
beec7ee70ccbaed7d616dc54988d36c03fb5137548f5ee3863e0f596c3557ae1 4656416 request-tracker3.8_3.8.8-7+squeeze1_all.deb
ec8ff0be77210063f840d5ad2ae720817ad235fcf86d651881c159c6d81cde00 47020 rt3.8-clients_3.8.8-7+squeeze1_all.deb
fbd183972df1a3c30f6314d3c3b0373be22d6dfd811edd3bc8c0db8c79f077dd 12450 rt3.8-apache2_3.8.8-7+squeeze1_all.deb
a83d45436c3fd9cc39d47a3d68bd3d10c266785ff9b502afcc6cf028ecf79d9d 11134 rt3.8-db-postgresql_3.8.8-7+squeeze1_all.deb
00cafd445840905337c499855f76374d5179a864e3ece372f6f420c9b0e63b12 11134 rt3.8-db-mysql_3.8.8-7+squeeze1_all.deb
deb075b3ce94babb4c274310f5a9142bcad878bac2fcf92ed7fa73bae50159e6 11226 rt3.8-db-sqlite_3.8.8-7+squeeze1_all.deb
Files:
89060935bb2e4552dcec70205480f315 1632 misc optional request-tracker3.8_3.8.8-7+squeeze1.dsc
de062840ce6e2fdb323d77dddf8ff485 5109734 misc optional request-tracker3.8_3.8.8.orig.tar.gz
30a52734a3aac6914591d3115707666c 83370 misc optional request-tracker3.8_3.8.8-7+squeeze1.diff.gz
d677ce379af31b287a816e499a4561e9 4656416 misc optional request-tracker3.8_3.8.8-7+squeeze1_all.deb
b11befa7a21f6d039a408adf62c524c5 47020 misc optional rt3.8-clients_3.8.8-7+squeeze1_all.deb
6935f7973dd67f4456af062c8aecf4bc 12450 misc optional rt3.8-apache2_3.8.8-7+squeeze1_all.deb
c199403b24b5e9e3c41b2d3b49412426 11134 misc optional rt3.8-db-postgresql_3.8.8-7+squeeze1_all.deb
81d4715c06630ee391040e74e799f285 11134 misc optional rt3.8-db-mysql_3.8.8-7+squeeze1_all.deb
4575725abd5cf5e7648ea6fb51b9d88f 11226 misc optional rt3.8-db-sqlite_3.8.8-7+squeeze1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFNrbAfYzuFKFF44qURAtmxAJ9KVXwf7Mlu8d7eQs+R3ezKoH7/YACgnK0B
ZrycySH+GaSAyOMFgOBMyGM=
=A+fr
-----END PGP SIGNATURE-----
Accepted:
request-tracker3.8_3.8.8-7+squeeze1.diff.gz
to main/r/request-tracker3.8/request-tracker3.8_3.8.8-7+squeeze1.diff.gz
request-tracker3.8_3.8.8-7+squeeze1.dsc
to main/r/request-tracker3.8/request-tracker3.8_3.8.8-7+squeeze1.dsc
request-tracker3.8_3.8.8-7+squeeze1_all.deb
to main/r/request-tracker3.8/request-tracker3.8_3.8.8-7+squeeze1_all.deb
rt3.8-apache2_3.8.8-7+squeeze1_all.deb
to main/r/request-tracker3.8/rt3.8-apache2_3.8.8-7+squeeze1_all.deb
rt3.8-clients_3.8.8-7+squeeze1_all.deb
to main/r/request-tracker3.8/rt3.8-clients_3.8.8-7+squeeze1_all.deb
rt3.8-db-mysql_3.8.8-7+squeeze1_all.deb
to main/r/request-tracker3.8/rt3.8-db-mysql_3.8.8-7+squeeze1_all.deb
rt3.8-db-postgresql_3.8.8-7+squeeze1_all.deb
to main/r/request-tracker3.8/rt3.8-db-postgresql_3.8.8-7+squeeze1_all.deb
rt3.8-db-sqlite_3.8.8-7+squeeze1_all.deb
to main/r/request-tracker3.8/rt3.8-db-sqlite_3.8.8-7+squeeze1_all.deb
Reply to: