Accepted request-tracker4 4.2.8-3+deb8u2 (all source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 10 Jun 2017 23:25:11 +0100
Source: request-tracker4
Binary: request-tracker4 rt4-clients rt4-standalone rt4-fcgi rt4-apache2 rt4-db-postgresql rt4-db-mysql rt4-db-sqlite rt4-doc-html
Architecture: all source
Version: 4.2.8-3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Closes: 864302
Description:
request-tracker4 - extensible trouble-ticket tracking system
rt4-apache2 - Apache 2 specific files for request-tracker4
rt4-clients - mail gateway and command-line interface to request-tracker4
rt4-db-mysql - MySQL database backend for request-tracker4
rt4-db-postgresql - PostgreSQL database backend for request-tracker4
rt4-db-sqlite - SQLite database backend for request-tracker4
rt4-doc-html - HTML documentation for request-tracker4
rt4-fcgi - External FastCGI support for request-tracker4
rt4-standalone - Standalone web server support for request-tracker4
Changes:
request-tracker4 (4.2.8-3+deb8u2) jessie-security; urgency=high
.
* Fix FTBFS due to base.pm changes (Closes: #864302)
* Fix multiple security issues:
- [CVE-2017-5943] CSRF verification token information leak
- [CVE-2016-6127] XSS in file uploads
- [CVE-2017-5361] Timing side-channel vulnerability in password
verification
- [CVE-2017-5944] Remote code execution in dashboard interface
- Add check for incorrect RestrictLoginReferrer configuration setting
* Work around a DoS vulnerability in Email::Address (CVE-2015-7686)
Checksums-Sha1:
253920f51e42317d0da074bcc88861b74f6f8cb2 5629 request-tracker4_4.2.8-3+deb8u2.dsc
000a7de7337b4f0ab60fb5dbed451e610b4183f3 78564 request-tracker4_4.2.8-3+deb8u2.debian.tar.xz
8f366bd8c54808ce4d468efc5b31d7edec5a779e 3073664 request-tracker4_4.2.8-3+deb8u2_all.deb
be38b9ffad749fe29b843b8baa4a58b41d32b144 51986 rt4-clients_4.2.8-3+deb8u2_all.deb
64e98c4fc9af467c918f163f0732bf121f40f1a8 16706 rt4-standalone_4.2.8-3+deb8u2_all.deb
745bf82d49eec132db122ab495b10d3f4c0f67ba 19066 rt4-fcgi_4.2.8-3+deb8u2_all.deb
ec485cc6c5ad1138b321783bc243b0ba40617926 18016 rt4-apache2_4.2.8-3+deb8u2_all.deb
4241bf057937a41fb6825cb6c91b6493439c7da2 17326 rt4-db-postgresql_4.2.8-3+deb8u2_all.deb
fc27f3be4eadf0764a24a63475a684479dd572bc 17338 rt4-db-mysql_4.2.8-3+deb8u2_all.deb
9e67bc8d03f246f4d0673aa4ef1ae8c3ff246c5f 17438 rt4-db-sqlite_4.2.8-3+deb8u2_all.deb
05c7773b3494cea4655980956d1948e48916223f 982314 rt4-doc-html_4.2.8-3+deb8u2_all.deb
Checksums-Sha256:
6f759c001d865196694323cd77c9e227a95904224bda0c84f057ebb873f5a5bd 5629 request-tracker4_4.2.8-3+deb8u2.dsc
7686f9ec7bea98d4c9fdecb76b6a846f55e2f12f0d7133e7e4f61a9f7b43e902 78564 request-tracker4_4.2.8-3+deb8u2.debian.tar.xz
5817d9fac54b9aeec1153c93a5798e966279642e06e0ffb5a2c891b6d6c0a577 3073664 request-tracker4_4.2.8-3+deb8u2_all.deb
4f8263c192be0e4bd3f0cefcd126a9965d432770e1ab64081ab7320bb06a9201 51986 rt4-clients_4.2.8-3+deb8u2_all.deb
615f6fb07a952472790152a7e4be550ce33e3a6686119573bc4c3ff02fec8e91 16706 rt4-standalone_4.2.8-3+deb8u2_all.deb
6d85dbb7ae624f0519a51c9c953de4e5a7becedfbebabb7334a3b5a1908229c0 19066 rt4-fcgi_4.2.8-3+deb8u2_all.deb
a9df4c9d426556cbbfbc9be09be74a4a497574d5f4a8056ef09b0a15e394a473 18016 rt4-apache2_4.2.8-3+deb8u2_all.deb
42b18ba9ed170b2cc5fa533a34caa25f93361296860fef60682b0ea5fd0c531a 17326 rt4-db-postgresql_4.2.8-3+deb8u2_all.deb
a651e0feb1570518a9cd814e3873b1c658d2dbfcf4ffa942c7c9dcb973d0168e 17338 rt4-db-mysql_4.2.8-3+deb8u2_all.deb
07345719e4d05701a42118728632327695fa771049807423999ee2534615ce60 17438 rt4-db-sqlite_4.2.8-3+deb8u2_all.deb
632d93626f69ec019bf3874068703a217246ecb4ad38227d7ae7a800c0053a47 982314 rt4-doc-html_4.2.8-3+deb8u2_all.deb
Files:
0833e294412da55f7cee08f56a1cecc0 5629 misc optional request-tracker4_4.2.8-3+deb8u2.dsc
07b9879ce7f15eb58f965b09eeeb5df5 78564 misc optional request-tracker4_4.2.8-3+deb8u2.debian.tar.xz
213b3d14e5fcd7a028faf0a810922175 3073664 misc optional request-tracker4_4.2.8-3+deb8u2_all.deb
8d2657d25cd93f6911aa440d205ad709 51986 misc optional rt4-clients_4.2.8-3+deb8u2_all.deb
25d1629fe1a1d9493fba29225fd03d6a 16706 misc optional rt4-standalone_4.2.8-3+deb8u2_all.deb
c47fea0128687786b5d5e247ef26364f 19066 misc optional rt4-fcgi_4.2.8-3+deb8u2_all.deb
c127524044b9b49ceecd48c40fe5574f 18016 misc optional rt4-apache2_4.2.8-3+deb8u2_all.deb
d892812c5c474eb055dec399a18e0050 17326 misc optional rt4-db-postgresql_4.2.8-3+deb8u2_all.deb
c712018af0c4b969a516dfb11c1401dc 17338 misc optional rt4-db-mysql_4.2.8-3+deb8u2_all.deb
5af141024af30f80463d564e8e0f2129 17438 misc optional rt4-db-sqlite_4.2.8-3+deb8u2_all.deb
04d240bac23cce41c3897603a118a2f4 982314 doc optional rt4-doc-html_4.2.8-3+deb8u2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJZQXstAAoJEMAFfnFNaU+yv3sP/jUWXEN9nDlfD8aeHA+XByP4
whLSFHiYMzgBaJqG+DT0aeykAch5p1q2J91ZAcLE+BeS+QQI1gJWAKHI4X9W4TyP
iqDB1zjk4O7QC84cnXGMobfJejg5L/qyaqJAAfhPkxKtscFYTRj+5210wz235hfW
HKRb1A5gMlhPkjVLUoQSEQ01vbtVGFjVjN8WxXtI45ohMxbN9rZfSZTAwNURCp0+
UdUM3Tjy+y6gKShgbPuRCqdZVOfRcuhisSyMdN9Yy0fRmjuMfJL1TJU5m5/9HUmG
cim2FPTmFnIlfAQYLDvid9vSQine7kSQbgSPC07s1nzcI74KXP5hWZC0m8k+saI7
iiqg3Bgv9dvPWsEHPbyqn5hoGD9Bx3LHLuOFleYBby6vD5ZB34Ylk4l9e1/Mtjiu
jtGnF43iHmdHqvCdi37GplQwIa5sAAGEmxP0vs6+bCwyRVmwkIHFknIpnPnSHfv2
gqq6g7Vx0SbVCWroKQIO2CpaETw0xndE11FUt9/YBMrkBtPh9pmeVY6EIC7RzLxw
qxQpcni+7QpefRMTJz/4tmtqKIJMzb8+eVYJ0qMGMsa+GLhryvTT2jCjubbVKMNe
8+yp3muiWUgJpjLsheXK9kP24WeWRzqE7sxG1HQZq+a32m5wIKBHtBd6YPWzHGEs
04xadN1AF1XfqMk9C+WG
=Q7SB
-----END PGP SIGNATURE-----