Re: [SECURITY] [DSA 2480-4] request-tracker3.8 regression update

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: [SECURITY] [DSA 2480-4] request-tracker3.8 regression update
From: Darcy Small <pcwizardinc@hotmail.com>
Date: Sun, 16 Sep 2012 16:26:18 +0100
Message-id: <[🔎] BLU0-SMTP1691396A9F28FB60C6239A9AB960@phx.gbl>
In-reply-to: <201209151306.54607.geissert@debian.org>
References: <201209151306.54607.geissert@debian.org>


Darcy Small
Online PC Wizard
+447542537273
https://www.onlinepcwizard.com

On 15 Sep 2012, at 19:06, Raphael Geissert <geissert@debian.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2480-4                   security@debian.org
> http://www.debian.org/security/                          Raphael Geissert
> September 15, 2012                     http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
> 
> Package        : request-tracker3.8
> Vulnerability  : regression
> Debian-specific: no
> 
> The security updates for request-tracker3.8, DSA-2480-1, DSA-2480-2,
> and DSA-2480-3, contained minor regressions. Namely:
> 
> * The calendar popup page in Internet Explorer would be blocked by the
> CSRF protection mechanism.
> * Search results pages could not be shared without saving, sharing, and
> then loading the search.
> * rt-email-dashboards would fail with an error due to a call to an
> undefined "interp" method.
> 
> Please note that if you run request-tracker3.8 under the Apache web
> server, you must stop and start Apache manually.  The "restart"
> mechanism is not recommended, especially when using mod_perl.
> 
> For the stable distribution (squeeze), this problem has been fixed in
> version 3.8.8-7+squeeze5.
> 
> We recommend that you upgrade your request-tracker3.8 packages.
> 
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
> 
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> 
> iEYEARECAAYFAlBUw7kACgkQYy49rUbZzloRmgCfRWU98a5Ug1c5HSGr9ltpRo17
> hU8An0wDUZTxSnOEuHfScdRcmuCYB1aW
> =BaTL
> -----END PGP SIGNATURE-----
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/201209151306.54607.geissert@debian.org
> 
>

Reply to:

Prev by Date: Re: [SECURITY] [DSA 2548-1] Debian Security Team PGP/GPG key change notice
Next by Date: Re: Use of DSA number for general announcements
Previous by thread: Re: [SECURITY] [DSA 2548-1] Debian Security Team PGP/GPG key change notice
Next by thread: DSA for apache2 2.2.16-6+squeeze8
Index(es):
- Date
- Thread