[request-tracker-maintainers] request-tracker4_4.0.5-3_i386.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed May 23 09:14:51 UTC 2012




Accepted:
request-tracker4_4.0.5-3.debian.tar.gz
  to main/r/request-tracker4/request-tracker4_4.0.5-3.debian.tar.gz
request-tracker4_4.0.5-3.dsc
  to main/r/request-tracker4/request-tracker4_4.0.5-3.dsc
request-tracker4_4.0.5-3_all.deb
  to main/r/request-tracker4/request-tracker4_4.0.5-3_all.deb
rt4-apache2_4.0.5-3_all.deb
  to main/r/request-tracker4/rt4-apache2_4.0.5-3_all.deb
rt4-clients_4.0.5-3_all.deb
  to main/r/request-tracker4/rt4-clients_4.0.5-3_all.deb
rt4-db-mysql_4.0.5-3_all.deb
  to main/r/request-tracker4/rt4-db-mysql_4.0.5-3_all.deb
rt4-db-postgresql_4.0.5-3_all.deb
  to main/r/request-tracker4/rt4-db-postgresql_4.0.5-3_all.deb
rt4-db-sqlite_4.0.5-3_all.deb
  to main/r/request-tracker4/rt4-db-sqlite_4.0.5-3_all.deb
rt4-fcgi_4.0.5-3_all.deb
  to main/r/request-tracker4/rt4-fcgi_4.0.5-3_all.deb


Changes:
request-tracker4 (4.0.5-3) unstable; urgency=high
 .
  [ Dmitry Smirnov ]
  * debian/copyright update
  * added missing 'libfcgi-perl' dependency to 'rt4-fcgi'
  * debian/rt4-fcgi.init: fixed 'status' function
 .
  [ Dominic Hargreaves ]
  * Multiple security fixes for:
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash
      exposure and correspondence disclosure to privileged users
      (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure,
      privilege escalation, and arbitrary code execution. Original
      behaviour may be restored by setting $RestrictReferrer to 0 for
      installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP
      functionality (CVE-2011-4458)
  * Add vulnerable-password and clean-user-txns scripts to accompany
    above fixes, and run in postinst


Override entries for your package:
request-tracker4_4.0.5-3.dsc - source misc
request-tracker4_4.0.5-3_all.deb - optional misc
rt4-apache2_4.0.5-3_all.deb - optional misc
rt4-clients_4.0.5-3_all.deb - optional misc
rt4-db-mysql_4.0.5-3_all.deb - optional misc
rt4-db-postgresql_4.0.5-3_all.deb - optional misc
rt4-db-sqlite_4.0.5-3_all.deb - optional misc
rt4-fcgi_4.0.5-3_all.deb - optional misc

Announcing to debian-devel-changes at lists.debian.org


Thank you for your contribution to Debian.


