Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update

To: debian-security@lists.debian.org
Cc: team@security.debian.org
Subject: Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
From: Dominic Hargreaves <dom@earth.li>
Date: Fri, 25 May 2012 14:09:38 +0100
Message-id: <[🔎] 20120525130938.GS29215@urchin.earth.li>
In-reply-to: <[🔎] 20120525082944.GQ29215@urchin.earth.li>
References: <20120524173703.GA4986@pisco.westfalen.local> <[🔎] 20120525082944.GQ29215@urchin.earth.li>

On Fri, May 25, 2012 at 09:29:44AM +0100, Dominic Hargreaves wrote:
> On Thu, May 24, 2012 at 07:37:03PM +0200, Moritz Muehlenhoff wrote:
> > Several vulnerabilities were discovered in Request Tracker, an issue
> > tracking system:
> 
> > For the stable distribution (squeeze), this problem has been fixed in
> > version 3.8.8-7+squeeze2.
> 
> This fix introduced a regression for deployments using mod_perl;
> sending outgoing email is broken.
> 
> Please see <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674522>
> for more information.
> 
> If you are using RT in this mode you may wish to hold off on applying
> the update until this problem is fixed.

There has also been another regression reported which I have not
confirmed yet:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674558

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
  - From: "Ben Whyall" <ben@whyall-systems.co.uk>

References:
- Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
  - From: Dominic Hargreaves <dom@earth.li>

Prev by Date: Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
Next by Date: Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
Previous by thread: Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
Next by thread: Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
Index(es):
- Date
- Thread