[request-tracker-maintainers] Fixes for RT 3.x issue CVE-2011-0009
Dominic Hargreaves
dom at earth.li
Thu Jan 20 08:28:52 UTC 2011
On Tue, Jan 18, 2011 at 10:50:58PM +0000, Dominic Hargreaves wrote:
> Sorry, I got the timing wrong. It's tomorrow, Wednesday, that I believe
> the planned release is. I'll email both you and the stable release
> managers after then and we'll see where people are best placed.
This issue has now been released:
<http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html>
An proposed update for lenny is now sitting at
svn+ssh://svn.debian.org/svn/pkg-request-tracker/packages/request-tracker3.6/branches/lenny-security
and I'd like to get this fixed in lenny. The security team isn't sure
whether they can fix this in a DSA or not at this stage, and suggested
a stable update as a possibility.
Please can either DSA or SRM let me know of their preferred option?
The fix is ready to upload either way.
Thanks,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
More information about the pkg-request-tracker-maintainers
mailing list