Accepted request-tracker3.6 3.6.7-5+lenny6 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 14 Apr 2011 09:03:25 +0100
Source: request-tracker3.6
Binary: request-tracker3.6 rt3.6-clients rt3.6-apache2 rt3.6-db-postgresql rt3.6-db-mysql rt3.6-db-sqlite
Architecture: source all
Version: 3.6.7-5+lenny6
Distribution: oldstable-security
Urgency: high
Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Description:
request-tracker3.6 - Extensible trouble-ticket tracking system
rt3.6-apache2 - Apache 2 specific files for request-tracker3.6
rt3.6-clients - Mail gateway and command-line interface to request-tracker3.6
rt3.6-db-mysql - MySQL database backend for request-tracker3.6
rt3.6-db-postgresql - PostgreSQL database backend for request-tracker3.6
rt3.6-db-sqlite - SQLite database backend for request-tracker3.6
Changes:
request-tracker3.6 (3.6.7-5+lenny6) oldstable-security; urgency=high
.
* Security fix: fix information leakage in scrips (CVE-2011-1008)
* Multiple security fixes for:
- Information disclosure via SQL injection (CVE-2011-1686)
- Information disclosure via search interface (CVE-2011-1687)
- Information disclosure via directory traversal (CVE-2011-1688)
- User javascript execution via XSS vulnerability (CVE-2011-1689)
- Authentication credentials theft (CVE-2011-1690)
- XSS relating to login credentials
Checksums-Sha1:
8a7dbcea34e61d62a38da5b969c88e84d4b4f685 1623 request-tracker3.6_3.6.7-5+lenny6.dsc
ad3bc4a0ddb85a30f6e49d594707ee245122b9d0 59668 request-tracker3.6_3.6.7-5+lenny6.diff.gz
12ad165f24b181b6bac12e439d38dbb5403c2e97 1543902 request-tracker3.6_3.6.7-5+lenny6_all.deb
ad267a8c019cdb765aeade907c4ae339d3132257 216172 rt3.6-clients_3.6.7-5+lenny6_all.deb
e642211280c98e037029b3279a1aaab89bdefa1a 187694 rt3.6-apache2_3.6.7-5+lenny6_all.deb
051f7931b213e56c5cbf425437120d59c1be3262 186012 rt3.6-db-postgresql_3.6.7-5+lenny6_all.deb
ad752590647c8421dc7bc56ba5ebf291e65fb31c 186012 rt3.6-db-mysql_3.6.7-5+lenny6_all.deb
a9716327648ba85e325cda735dabcd5d1ef86dfd 186110 rt3.6-db-sqlite_3.6.7-5+lenny6_all.deb
Checksums-Sha256:
d0c8163feceac0f3b84de35f6733a0fda3ba980bf851043908dc13c8949dc59d 1623 request-tracker3.6_3.6.7-5+lenny6.dsc
1be711f426d6fc44d5a1b5942834b1d10b1e6f8d1732e08c2755e804edf875e6 59668 request-tracker3.6_3.6.7-5+lenny6.diff.gz
d7a91ecc2dc829b74ceb295c627f22a587d7ca2d56f34169d585158608712bbd 1543902 request-tracker3.6_3.6.7-5+lenny6_all.deb
9db7ef2d98f4b181017373b7dd616e47718ca60aa61c75708a3ddc794d825c39 216172 rt3.6-clients_3.6.7-5+lenny6_all.deb
b2af23d2042f9dec5e0c4de76c0a8336bbb65fab4823be16a2d1bc80f941467f 187694 rt3.6-apache2_3.6.7-5+lenny6_all.deb
a110e2281b57ba7a88de9713beeef7e608a90dff906df41d42f673e00d495700 186012 rt3.6-db-postgresql_3.6.7-5+lenny6_all.deb
5d8e2d801527149397acd812c0b9b24a8e897b2777893da89275906ce683c186 186012 rt3.6-db-mysql_3.6.7-5+lenny6_all.deb
f1f2e9378a34d4b59f672b63e342cab40e5a573e3da0435c1d347d6e6f3cebbe 186110 rt3.6-db-sqlite_3.6.7-5+lenny6_all.deb
Files:
1e45ad8422ce65d0645a7375d03d0a09 1623 misc optional request-tracker3.6_3.6.7-5+lenny6.dsc
b764f3832a240bc8c9c6d27eda6b7a16 59668 misc optional request-tracker3.6_3.6.7-5+lenny6.diff.gz
94b2028e958214434356bfd15fed98af 1543902 misc optional request-tracker3.6_3.6.7-5+lenny6_all.deb
2a52f6d7d9abff14d03e893717d357f9 216172 misc optional rt3.6-clients_3.6.7-5+lenny6_all.deb
8effa30cccf0f95c25932cb6a5b0f588 187694 misc optional rt3.6-apache2_3.6.7-5+lenny6_all.deb
2c8f87b5a3884c13f62a7bf57009404a 186012 misc optional rt3.6-db-postgresql_3.6.7-5+lenny6_all.deb
b0f5dab9da8c822514c8461e5ff81f7e 186012 misc optional rt3.6-db-mysql_3.6.7-5+lenny6_all.deb
0c631fe6389a0aa6b6e8dfdb8485a292 186110 misc optional rt3.6-db-sqlite_3.6.7-5+lenny6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNpq+MYzuFKFF44qURAmSDAJ0QVsBMNY052IbgNZxcKTkxV21kiACgyUbE
piDjWqJiLltdFM5DhprEUrM=
=9oso
-----END PGP SIGNATURE-----
Accepted:
request-tracker3.6_3.6.7-5+lenny6.diff.gz
to main/r/request-tracker3.6/request-tracker3.6_3.6.7-5+lenny6.diff.gz
request-tracker3.6_3.6.7-5+lenny6.dsc
to main/r/request-tracker3.6/request-tracker3.6_3.6.7-5+lenny6.dsc
request-tracker3.6_3.6.7-5+lenny6_all.deb
to main/r/request-tracker3.6/request-tracker3.6_3.6.7-5+lenny6_all.deb
rt3.6-apache2_3.6.7-5+lenny6_all.deb
to main/r/request-tracker3.6/rt3.6-apache2_3.6.7-5+lenny6_all.deb
rt3.6-clients_3.6.7-5+lenny6_all.deb
to main/r/request-tracker3.6/rt3.6-clients_3.6.7-5+lenny6_all.deb
rt3.6-db-mysql_3.6.7-5+lenny6_all.deb
to main/r/request-tracker3.6/rt3.6-db-mysql_3.6.7-5+lenny6_all.deb
rt3.6-db-postgresql_3.6.7-5+lenny6_all.deb
to main/r/request-tracker3.6/rt3.6-db-postgresql_3.6.7-5+lenny6_all.deb
rt3.6-db-sqlite_3.6.7-5+lenny6_all.deb
to main/r/request-tracker3.6/rt3.6-db-sqlite_3.6.7-5+lenny6_all.deb
Reply to: