------------------------------------------------------------------------- Debian LTS Advisory DLA-4157-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Santiago Ruano Rincón May 08, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : request-tracker4 Version : 4.4.4+dfsg-2+deb11u4 CVE ID : CVE-2024-3262 CVE-2025-2545 CVE-2025-30087 Debian Bug : 1068452 1104424 Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in information disclosure, cross-site scripting and use of weak encryption for S/MIME emails. For Debian 11 bullseye, these problems have been fixed in version 4.4.4+dfsg-2+deb11u4. We recommend that you upgrade your request-tracker4 packages. For the detailed security status of request-tracker4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/request-tracker4 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature