[request-tracker-maintainers] Bug#622774: Security Release for Request Tracker
Stefan Hornburg (Racke)
racke at linuxia.de
Thu Apr 14 14:38:33 UTC 2011
package: request-tracker3.8
tags: security
This release of RT contains important bugfixes. You can download it from:
http://download.bestpractical.com/pub/rt/release/rt-3.8.10.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.8.10.tar.gz.sig
SHA1 sums
98678a4ce4dbdfb13ceeeb88236d49bd0f5562c7 rt-3.8.10.tar.gz
8e228df450d0cdc255e3db725b5bdf302771c75d rt-3.8.10.tar.gz.sig
This release, in addition to being a bugfix release, also resolves a
number of security vulnerabilities. It resolves CVE-2011-1685,
CVE-2011-1686, CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, and
CVE-2011-1690.
* Cleanups identified by perlcritic.
* Clear the system attribute cache to avoid 'sticky' attributes like
the queue subject tag.
* Fix our signature escaping so we better match FCKEditor and don't
misidentify signatures during processing.
* Add the ability to create BasedOn Custom Fields from initialdata
* Provide a callback to affect the display format in admin pages
* Fix id prefixing on Custom Fields to be RTIR compatible
* Fix #16656 - Requestors with OwnTicket could show up in the owner list
in other Queues.
* Don't attach the original multipart mail to notifications that already
contain one part of it.
* Work around CGI.pm 3.51 and 3.52 which add ; charset=ISO-8859-1 to our
utf-8 encoded javascript.
This also affects RT 3.6 as in Lenny.
Regards
Racke