-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 19 Apr 2025 12:40:58 +1200
Source: request-tracker4
Architecture: source
Version: 4.4.4+dfsg-2+deb11u4
Distribution: bullseye-security
Urgency: medium
Maintainer: Andrew Ruthven <andrew@etc.gen.nz>
Changed-By: Andrew Ruthven <andrew@etc.gen.nz>
Closes: 1068452 1104424
Changes:
request-tracker4 (4.4.4+dfsg-2+deb11u4) bullseye-security; urgency=medium
.
* [CVE-2024-3262] Cherry-pick upstream fixes (Closes: #1068452).
* Apply upstream patches which fix several security vulnerabilities
(Closes: #1104424).
- [CVE-2025-30087] Vulnerable to Cross Site Scripting via injection of
malicious parameters in a search URL.
- [CVE-2025-2545] RT uses the default OpenSSL cipher, 3DES (des3), for
encrypting SMIME email. This is an outdated cipher algorithm, so the
default is changed to aes-128-cbc. In addition, this is now configurable
so you can pick an alternate cipher now or in the future, or revert to
des3 if needed for compatibility
* Cherry-pick upstream fix to GnuPG test.
Checksums-Sha1:
3b3b818a80aa7d02f3253094aab0a25028e9f8ad 5572 request-tracker4_4.4.4+dfsg-2+deb11u4.dsc
7d624996cc50e47946ba53228f61a21f54c996fc 157820 request-tracker4_4.4.4+dfsg-2+deb11u4.debian.tar.xz
73090528ad6d9e7bb01cc651660e9c3444e8802a 20179 request-tracker4_4.4.4+dfsg-2+deb11u4_amd64.buildinfo
Checksums-Sha256:
29db025cbf6e8b4ec266ab97d4273dde3cf6d96138f3d7a0b33a4809622d442c 5572 request-tracker4_4.4.4+dfsg-2+deb11u4.dsc
669cede40dd92590c22a67b29f62f394f3c5d68f3b798c65109dd4c048efaab3 157820 request-tracker4_4.4.4+dfsg-2+deb11u4.debian.tar.xz
ebe6d3b08893fe80f522acc728a7fd57b0ef5c43e4d4a98aa41b8e5126801d92 20179 request-tracker4_4.4.4+dfsg-2+deb11u4_amd64.buildinfo
Files:
b19ddce176bd5980300724630bf21e02 5572 misc optional request-tracker4_4.4.4+dfsg-2+deb11u4.dsc
0b80f3ea912a7e0b85c4c06d86fdca54 157820 misc optional request-tracker4_4.4.4+dfsg-2+deb11u4.debian.tar.xz
243a4f728903400a48710945a6d9cb47 20179 misc optional request-tracker4_4.4.4+dfsg-2+deb11u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEExgP8TmAPHOzRyNl8S1PZMeTT6GMFAmgbRkAACgkQS1PZMeTT
6GNsFQ/+Lzfpc1F0H+Km4OZG/Dvzldke7TI/gCXHm1nSL7HPm/sVubPRizXYqj+T
N+Ba25MGX7Q9fEkNR//9r8Mzf2lP7yoFce4J2BhbuILzk5RXAWr/Fwcmbz3jfoH+
pbB8LuZ39hRsPcXr6ETn7tOHFbzUSE4p5IWINPAyOBoUGUhkB898cT7VgJwz/Nkj
rJCY5e8kMoJhfzf36mU8nrs5hqrLX5Z/S63zT4j5Ex0QC0+Lv8PrOQ4qO6+aURLG
WsDvxUGl5NlUOGCIwORRcXOxA60zazVYpr22+Wpa+gGDTFfjVuvsQ4TcJfKz2GRT
dNwSCTOPnphWUv3rjcyRjhfEA0VybcqwwQ0bPeA5X6h9xBt6+ZTKbgcotaqD0zVM
+QOAA7FPW/1xbZM6rxfk7McEtXy495dF1IBDtbkdnmX6SOLGUl0SzKdLcSMuwdb0
GOlN6r0UlaoaPKV3XNoTqqFwIDen4UpMkIBWiu3QPQjn/atPx+VdClvXHqDMELGA
BCRmYgamndFdy8XNY8trmsszjxsBlVn5wxTv5PaRrCyxWsecUALST1zU0FthtH4t
lH6q4Wkr3tnHzwz1EjedNRtORpv4qCm9PehBZcq76L0YkpEkPX+QFd/BlTuB+TXg
UPl+R29BEQjhjeuOIqu62GQz5VR9gUoGNorlT98JFiyHg33PzoE=
=jDEo
-----END PGP SIGNATURE-----
Attachment:
pgpFAeZZolidM.pgp
Description: PGP signature