Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update

To: debian-security@lists.debian.org
Cc: team@security.debian.org
Subject: Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
From: Dominic Hargreaves <dom@earth.li>
Date: Fri, 25 May 2012 09:29:44 +0100
Message-id: <[🔎] 20120525082944.GQ29215@urchin.earth.li>
In-reply-to: <20120524173703.GA4986@pisco.westfalen.local>
References: <20120524173703.GA4986@pisco.westfalen.local>

On Thu, May 24, 2012 at 07:37:03PM +0200, Moritz Muehlenhoff wrote:
> Several vulnerabilities were discovered in Request Tracker, an issue
> tracking system:

> For the stable distribution (squeeze), this problem has been fixed in
> version 3.8.8-7+squeeze2.

This fix introduced a regression for deployments using mod_perl;
sending outgoing email is broken.

Please see <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674522>
for more information.

If you are using RT in this mode you may wish to hold off on applying
the update until this problem is fixed.

> For the unstable distribution (sid), this problem has been fixed in
> version 4.0.5-3.

RT 4 should not have been affected by this bug.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
  - From: Dominic Hargreaves <dom@earth.li>

Prev by Date: AUTO: Andrea Curti is out of office (returning 28/05/2012)
Next by Date: Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
Previous by thread: AUTO: Andrea Curti is out of office (returning 28/05/2012)
Next by thread: Re: [SECURITY] [DSA 2480-1] request-tracker3.8 security update
Index(es):
- Date
- Thread