Accepted request-tracker4 4.0.5-3 (source all)

To: debian-devel-changes@lists.debian.org
Subject: Accepted request-tracker4 4.0.5-3 (source all)
From: Dominic Hargreaves <dom@earth.li>
Date: Wed, 23 May 2012 09:14:51 +0000
Message-id: <[🔎] E1SX7ed-0000b5-KH@franck.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 19 May 2012 22:30:27 +0100
Source: request-tracker4
Binary: request-tracker4 rt4-clients rt4-fcgi rt4-apache2 rt4-db-postgresql rt4-db-mysql rt4-db-sqlite
Architecture: source all
Version: 4.0.5-3
Distribution: unstable
Urgency: high
Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Description: 
 request-tracker4 - extensible trouble-ticket tracking system
 rt4-apache2 - Apache 2 specific files for request-tracker4
 rt4-clients - mail gateway and command-line interface to request-tracker4
 rt4-db-mysql - MySQL database backend for request-tracker4
 rt4-db-postgresql - PostgreSQL database backend for request-tracker4
 rt4-db-sqlite - SQLite database backend for request-tracker4
 rt4-fcgi   - External FastCGI support for request-tracker4
Changes: 
 request-tracker4 (4.0.5-3) unstable; urgency=high
 .
   [ Dmitry Smirnov ]
   * debian/copyright update
   * added missing 'libfcgi-perl' dependency to 'rt4-fcgi'
   * debian/rt4-fcgi.init: fixed 'status' function
 .
   [ Dominic Hargreaves ]
   * Multiple security fixes for:
     - XSS vulnerabilities (CVE-2011-2083)
     - information disclosure vulnerabilities including password hash
       exposure and correspondence disclosure to privileged users
       (CVE-2011-2084)
     - CSRF vulnerabilities allowing information disclosure,
       privilege escalation, and arbitrary code execution. Original
       behaviour may be restored by setting $RestrictReferrer to 0 for
       installations which rely on it (CVE-2011-2085)
     - remote code execution vulnerabilities including in VERP
       functionality (CVE-2011-4458)
   * Add vulnerable-password and clean-user-txns scripts to accompany
     above fixes, and run in postinst
Checksums-Sha1: 
 42859bf7f52adffbf9304f4fc4b8d1b2266ba968 2115 request-tracker4_4.0.5-3.dsc
 b64d8601bf2ad1f669c082c4bf5386c95424e551 107459 request-tracker4_4.0.5-3.debian.tar.gz
 ba0820dd9dbd58fc6626ab3188b45bd6e9b3060e 3954406 request-tracker4_4.0.5-3_all.deb
 6387c5f6db947a84f1afa5af2193c9ba22653f95 45904 rt4-clients_4.0.5-3_all.deb
 d5a6f124e7311a5b4927cc4ea4e3b4e30d88cecc 9052 rt4-fcgi_4.0.5-3_all.deb
 573b5573ac77f9f3d05084c1a24c07fccbb69690 7948 rt4-apache2_4.0.5-3_all.deb
 2519b413e5dd8f4c5bbcd32a7cd0efadabb6cd2c 7220 rt4-db-postgresql_4.0.5-3_all.deb
 fc50eea9017b8e87cf0228bf1bc425989b7b2973 7218 rt4-db-mysql_4.0.5-3_all.deb
 5800692a4e5af102482dbb6069ffc847090e8cac 7318 rt4-db-sqlite_4.0.5-3_all.deb
Checksums-Sha256: 
 355255368a34dcb73acb7ddaaa0224140c19b9c04540de581d954d1a625588a1 2115 request-tracker4_4.0.5-3.dsc
 3bbacdacd69c558421e67c3f1431d00748b3a2e3e2f3f58d83961d0b6564b0bb 107459 request-tracker4_4.0.5-3.debian.tar.gz
 495c8a3c797705ef661a3d1599deba51a2edceb5b2c1cd6e5fef77af5a2056a0 3954406 request-tracker4_4.0.5-3_all.deb
 f74ae81dbefee6cde0091c101365868559ccfbaf92a9ac0e48013bba04175843 45904 rt4-clients_4.0.5-3_all.deb
 a0e664a6310127d7eb9b51b1e09395171346cbbe28f1eebe7de9579c0f4885d1 9052 rt4-fcgi_4.0.5-3_all.deb
 c314afd7cc98c96cf34bd570556c95f99e6257dcdb6dcef46bae9a9be5b0be08 7948 rt4-apache2_4.0.5-3_all.deb
 d4ca01ab755d641b1dbb74caf42f700862280bd1254a72c61adf1687f6d41e7b 7220 rt4-db-postgresql_4.0.5-3_all.deb
 ec4677c38f17429d3b4c88379a304186de4edc0d2b28556cc1497cacc6d6732a 7218 rt4-db-mysql_4.0.5-3_all.deb
 97acda9077b376df81b3ea3353391f143a3592a81542f6cd75871a93fb8096ab 7318 rt4-db-sqlite_4.0.5-3_all.deb
Files: 
 363f156d3691a67658dc0d57e7a86e8c 2115 misc optional request-tracker4_4.0.5-3.dsc
 94f01816b9742151a9b3436942957439 107459 misc optional request-tracker4_4.0.5-3.debian.tar.gz
 be868b4b9e888de92cd1d3680597239d 3954406 misc optional request-tracker4_4.0.5-3_all.deb
 3eb6de9ad1488a37c7dc066a6534ea8d 45904 misc optional rt4-clients_4.0.5-3_all.deb
 c3dfd45cd87366941d694d3ef898145a 9052 misc optional rt4-fcgi_4.0.5-3_all.deb
 a38c7f4c934ed647d465fcad981002ba 7948 misc optional rt4-apache2_4.0.5-3_all.deb
 675459a52cae7f532a0e213489bb02bc 7220 misc optional rt4-db-postgresql_4.0.5-3_all.deb
 9b5ba068bcb6be2e266b104695fb8fad 7218 misc optional rt4-db-mysql_4.0.5-3_all.deb
 4238a3cf0947ee8d189cf4f82f5b8821 7318 misc optional rt4-db-sqlite_4.0.5-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFPvJctYzuFKFF44qURAiryAKCNNtuzw1yl9PcFupTsOXopuWFsbwCfW8CC
Acnn6fs7nn4FZSzmBsyV0LA=
=JtdF
-----END PGP SIGNATURE-----


Accepted:
request-tracker4_4.0.5-3.debian.tar.gz
  to main/r/request-tracker4/request-tracker4_4.0.5-3.debian.tar.gz
request-tracker4_4.0.5-3.dsc
  to main/r/request-tracker4/request-tracker4_4.0.5-3.dsc
request-tracker4_4.0.5-3_all.deb
  to main/r/request-tracker4/request-tracker4_4.0.5-3_all.deb
rt4-apache2_4.0.5-3_all.deb
  to main/r/request-tracker4/rt4-apache2_4.0.5-3_all.deb
rt4-clients_4.0.5-3_all.deb
  to main/r/request-tracker4/rt4-clients_4.0.5-3_all.deb
rt4-db-mysql_4.0.5-3_all.deb
  to main/r/request-tracker4/rt4-db-mysql_4.0.5-3_all.deb
rt4-db-postgresql_4.0.5-3_all.deb
  to main/r/request-tracker4/rt4-db-postgresql_4.0.5-3_all.deb
rt4-db-sqlite_4.0.5-3_all.deb
  to main/r/request-tracker4/rt4-db-sqlite_4.0.5-3_all.deb
rt4-fcgi_4.0.5-3_all.deb
  to main/r/request-tracker4/rt4-fcgi_4.0.5-3_all.deb

Reply to:

Prev by Date: Accepted eclipse-anyedit 2.4.2-1 (source all)
Next by Date: Accepted screader 1.8-7 (source amd64)
Previous by thread: Accepted eclipse-anyedit 2.4.2-1 (source all)
Next by thread: Accepted screader 1.8-7 (source amd64)
Index(es):
- Date
- Thread