Accepted request-tracker4 4.4.4+dfsg-2+deb11u2 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 03 Jul 2022 20:09:25 +1200
Source: request-tracker4
Architecture: source
Version: 4.4.4+dfsg-2+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>
Changed-By: Andrew Ruthven <andrew@etc.gen.nz>
Changes:
request-tracker4 (4.4.4+dfsg-2+deb11u2) bullseye-security; urgency=medium
.
* Apply upstream patch which fixes several security vulnerabilities.
- A cross-site scripting (XSS) issue when displaying attachment content
with fraudulent content types. This vulnerability is assigned
CVE-2022-25802.
- Not performing full rights checks on access to file or image type
custom fields, possibly allowing access to these custom fields by
users without rights to access to the associated objects (like the
ticket it is associated with).
Checksums-Sha1:
9110f829e3bb412fdeb9732d538a3436aa47b959 5590 request-tracker4_4.4.4+dfsg-2+deb11u2.dsc
a550ba2a5f7281abf3e2638e950262524e752107 3178021 request-tracker4_4.4.4+dfsg.orig-third-party-source.tar.gz
e2c9ed8716a180638b4ce34a05d67bcc6c4c0935 9977845 request-tracker4_4.4.4+dfsg.orig.tar.gz
206c225fac90df9deee571866c461efa152d3715 88248 request-tracker4_4.4.4+dfsg-2+deb11u2.debian.tar.xz
67f36a6bfc131e1b30fb87fb71f85af583ccc41b 18994 request-tracker4_4.4.4+dfsg-2+deb11u2_source.buildinfo
Checksums-Sha256:
d7f0efe42738087c8da7ef4e4d3f9f7ff941f091da447bbcb7b51f67e4ba46fe 5590 request-tracker4_4.4.4+dfsg-2+deb11u2.dsc
9f142a07b09cd34c9120fa71b88fab7904bdb475096ac7405766d7ca2ee3505d 3178021 request-tracker4_4.4.4+dfsg.orig-third-party-source.tar.gz
34c316a4a78d7ee9b95d4391530f9bb3ff3edd99ebbebfac6354ed173e940884 9977845 request-tracker4_4.4.4+dfsg.orig.tar.gz
2de4dbae5072b807f15dcfaf05633431cfc0046fd0e095864475391519965523 88248 request-tracker4_4.4.4+dfsg-2+deb11u2.debian.tar.xz
79f4c18c3e66ad5fe9f99aba2c6d6d3719ee89e3f7358b613cbc857640cec8ef 18994 request-tracker4_4.4.4+dfsg-2+deb11u2_source.buildinfo
Files:
2fb81e4112ad46e6aa01d831d26f080e 5590 misc optional request-tracker4_4.4.4+dfsg-2+deb11u2.dsc
dc2037ca7437687836bf74fa9e3ecc96 3178021 misc optional request-tracker4_4.4.4+dfsg.orig-third-party-source.tar.gz
4bb2ac970b70dfcb3b328472d1adc24e 9977845 misc optional request-tracker4_4.4.4+dfsg.orig.tar.gz
d83fb3d7c8437f3f046fc89705715cd8 88248 misc optional request-tracker4_4.4.4+dfsg-2+deb11u2.debian.tar.xz
07e66d2be77def48e035ff3b2251e7b0 18994 misc optional request-tracker4_4.4.4+dfsg-2+deb11u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJBBAEBCAArFiEEy0llJ/kAnyscGnbawAV+cU1pT7IFAmLOxhYNHGRvbUBlYXJ0
aC5saQAKCRDABX5xTWlPsjSyEACd5YidTP4YJ6urmAYuf7eSU4rKsmIenPn47w/n
il8j73V1rA6mOX9potadnyiWQnsAMKM+7GuIrM2TMPz2yGDn7MYoasGKW1kf/rl4
0SdfAXNfBdE9ZZQtY/GRKHVtmnuGC6mDE7M5gDVB1h3GFh+aChy91qe/2YS/WESx
czn+ilfxZTnIr+vMbdeAyW+iTJIJ2yN7AOnyNctVkjmoWRiDSC/lVQJQpanwzk7f
N7rQIQneQn/9hiWWFB9NN/GhFm6tMQJy6V3WO6pYtfMJZZpYa8/Gd3+7Y1tPwtv/
dvMmhXV6f9A0I94GZh2baPXFrrfxT25UNQj5Yaun2WxYF/Zel1gS/HLyEiY4lGlJ
1A59UHVz+JVXPUKjhzFROKP0OqQIU3drWwab8o3iuTRpJwL7iaLMlPucn3kBdC4D
2l+ZSM6STGR25KoJiVMA6U5I7hYCv/d5vysNRiJLaQsvt2pgW8VDqAkLTk16v6O/
lYrOYpy/Uo7DBW8LZOp1zdCTSJCbLVFtKwxW1JppiPX9yzskwjbSFsJEApSOLGIc
dcxwn5pkPu+NJKgIhiAR9oCzhWcc089nsnQH8wQCxojz/t5Y+aL5/OUAg+Xdjwpv
HBi0kmok+sHDWYqFykRFFWqUqLAmBEqUOnv/wCdczcfAOXbdSiTCBjSYNaEGAoIh
/hv0Yg==
=p0ej
-----END PGP SIGNATURE-----
Reply to: