[Git][security-tracker-team/security-tracker][master] Reserve DLA-4157-1 for request-tracker4

Santiago R.R. (@santiago) santiago at debian.org
Thu May 8 15:34:50 BST 2025 


Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4e8ffd94 by Santiago Ruano Rincón at 2025-05-08T11:34:37-03:00
Reserve DLA-4157-1 for request-tracker4

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -120383,7 +120383,6 @@ CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion vulnerabilities exist in t
 CVE-2024-3262 (Information exposure vulnerability in RT software affecting version 4. ...)
 	{DSA-5911-1 DSA-5909-1}
 	- request-tracker4 4.4.7+dfsg-2 (bug #1068452)
-	[bullseye] - request-tracker4 <no-dsa> (Minor issue)
 	[buster] - request-tracker4 <no-dsa> (Minor issue)
 	- request-tracker5 5.0.7+dfsg-1 (bug #1068453)
 	NOTE: https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 May 2025] DLA-4157-1 request-tracker4 - security update
+	{CVE-2024-3262 CVE-2025-2545 CVE-2025-30087}
+	[bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u4
 [08 May 2025] DLA-4156-1 openssh - security update
 	{CVE-2025-32728}
 	[bullseye] - openssh 1:8.4p1-5+deb11u5


=====================================
data/dla-needed.txt
=====================================
@@ -360,12 +360,6 @@ rails
 redis (Chris Lamb)
   NOTE: 20250425: Added by Front-Desk (rouca)
 --
-request-tracker4 (santiago)
-  NOTE: 20250429: Added by Front-Desk (lamby)
-  NOTE: 20250429: Note that claimee is not an LTS team member. "There are new RT updates for which the maintainer is taking care himself of uploading fixes for LTS [and] he would prefer if once uploads are done a LTS team member takes care of releasing the DLA". (lamby)
-  NOTE: 20250430: This is to resolve CVE-2024-3262, CVE-2025-30087 and CVE-2025-2545. (lamby)
-  NOTE: 20250507: Andrew Ruthven just uploaded a DLA, lamby is coordinating through a private thread (Beuc/front-desk)
---
 ruby-graphql
   NOTE: 20250422: Added by Front-Desk (rouca)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e8ffd942cccc3631743e9e63600c887f5549db7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e8ffd942cccc3631743e9e63600c887f5549db7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250508/1b36e0f4/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list