
Bug#690664: [request-tracker-maintainers] Freeze exception for RT 4.0.7?



On Tue, Oct 16, 2012 at 09:38:24AM +0100, Dominic Hargreaves wrote:
> On Wed, Oct 10, 2012 at 11:57:38PM +0200, Julien Cristau wrote:

> > Looks generally ok, although the js changes are annoyingly large.  It's
> > getting late, but much of that is my fault, so if you still want this in
> > feel free to upload.
> 
> Thanks. Please unblock:
> 
> unblock request-tracker4/4.0.7-1

It's now

unblock request-tracker4/4.0.7-2

and this includes some security fixes:

Changes: 
 request-tracker4 (4.0.7-2) unstable; urgency=high
 .
   * Multiple security fixes for:
     - Email header injection attack (CVE-2012-4730)
     - Missing rights checking for Articles (CVE-2012-4731)
     - CSRF protection allows attack on bookmarks (CVE-2012-4732)
     - Confused deputy attack for non-logged-in users (CVE-2012-4734)
     - Multiple message signing/encryption attacks related to GnuPG
       (CVE-2012-4735)
     - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

