From carnil at debian.org  Mon Nov  3 19:52:03 2025
From: carnil at debian.org (Salvatore Bonaccorso)
Date: Mon, 03 Nov 2025 20:52:03 +0100
Subject: [request-tracker-maintainers] Bug#1120003: request-tracker4:
 CVE-2025-61873
Message-ID: <176219952328.1694252.2276011706236214049.reportbug@eldamar.lan>

Source: request-tracker4
Version: 4.4.7+dfsg-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerability was published for request-tracker4.

CVE-2025-61873[0].

Filling just for visibility, there is already a blocking bug #1030749,
so package won't enter testing.

Question: Should request-tracker4 be removed from unstable?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-61873
    https://www.cve.org/CVERecord?id=CVE-2025-61873

Regards,
Salvatore