Accepted request-tracker5 5.0.3+dfsg-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted request-tracker5 5.0.3+dfsg-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 21 Jul 2022 07:19:22 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Subject: Content-Transfer-Encoding:Content-Type:MIME-Version:To:Reply-To:From:Cc: Content-ID:Content-Description:In-Reply-To:References; bh=W4+GcPaYAHENgkReFR78FPoyeFvAo0xKz/1TgNCoWsk=; b=WdNNP2y22lYnE2otSKyg5+2OFo N2sgYKUyZ9FdHSz7uFD2deINKGiIyLNEH2h5JQ2uvw9X5Di1qtPJLTlW0fkL+kealZcLSRTUKt1pr DjJ3lzGgUiwj62SHU6WPQIFYpStCYhYhY70aT0Cs958Rjhwz7XKXujEgP/5NznGdQDjTETj4dkMpF 54PVIF7lcUE9iZNKHrGxzU+/oUrk4alCRSyhzR/78rdX76L8wOZ/D+lxtUdGHTmhW42/KdltquQJV wLqUNaqW+iCeCABvt7T69r/lU3xnbZM7uW+02n0QRXwNnIc2kOmLmg1tNf0sdEIQGoCQcntWHeb9K oowGy9ew==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1oEQSw-0005Pa-GG@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 21 Jul 2022 17:06:28 +1200
Source: request-tracker5
Architecture: source
Version: 5.0.3+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Andrew Ruthven <andrew@etc.gen.nz>
Changed-By: Andrew Ruthven <andrew@etc.gen.nz>
Closes: 984676 985704 988905 995167
Changes:
request-tracker5 (5.0.3+dfsg-1) unstable; urgency=medium
.
* New upstream release (Closes: #988905).
* Drop patches merged upstream:
- use_webpath_for_relateddata_links.diff
- rt-crypt-gnupg-combine-call.diff
* Ensure package descriptions consistently refer to version 5
(Closes: #984676).
* Ensure a sane database admin user is specified for both PostgreSQL
and MySQL.
* Only create symlinks for the DB upgrade scripts we ship (Closes: #985704).
* Fixes a security vulnerability that involves a login timing side-channel
attack. This resolves CVE-2021-38562 (Closes: #995167)
* Update fix_test_ldap_ipv4.diff for new test
t/externalauth/ldap_email_login.t
* Add missing dependencies on dbconfig-{mysql,postgresql,sqlite3}.
* Refresh debian/copyright
* Fix multiple security issues:
- [CVE-2022-25803] RT 5.0 is vulnerable to unvalidated, or open,
redirects in ticket searches.
- [CVE-2022-25802] A cross-site scripting (XSS) issue when displaying
attachment content with fraudulent content types. This vulnerability
is assigned
- Not performing full rights checks on access to file or image type
custom fields, possibly allowing access to these custom fields by
users without rights to access to the associated objects (like the
ticket it is associated with).
* RT is incompatible with Test::WWW::Mechanize 1.58, exclude that version.
* Update upstream signing key.
* Update Standards-Version to 4.6.1 (no changes)
Checksums-Sha1:
84f1c0c1f289e8954b540a477889b3e822533c4c 6145 request-tracker5_5.0.3+dfsg-1.dsc
ef0b663b6363cabf3845f7f6bd5b508d66b0929e 3217706 request-tracker5_5.0.3+dfsg.orig-third-party-source.tar.gz
4f043bd95000923aa8189403b73f52b720c534de 18601901 request-tracker5_5.0.3+dfsg.orig.tar.gz
307b425a830f9ff3df679e2d365a02a8c566bdcb 455 request-tracker5_5.0.3+dfsg.orig.tar.gz.asc
659756e812249ae6187e5e7c496595f2939d45bf 88348 request-tracker5_5.0.3+dfsg-1.debian.tar.xz
b4e2d5c6472dea65fb8b70b14a1264754de25c90 22317 request-tracker5_5.0.3+dfsg-1_amd64.buildinfo
Checksums-Sha256:
0d22ae2ee6d68d6306be0c6ecf8bb4996a83dc1c562527b83181bc9e79b1c165 6145 request-tracker5_5.0.3+dfsg-1.dsc
49b856ff23be2f5265c7b3460ac3d49ef24e4462b8165d39fbb12b7776d0e66a 3217706 request-tracker5_5.0.3+dfsg.orig-third-party-source.tar.gz
e23aee3cb291ccad5e521aeabe0fcd2f076bcfa8b7f801af498a7505e53d8441 18601901 request-tracker5_5.0.3+dfsg.orig.tar.gz
6cfc32a9bf2d09768a5ac2b103f21d6675dfc3490c06190562296e5b2082ccce 455 request-tracker5_5.0.3+dfsg.orig.tar.gz.asc
f0ad088001c12ec681afbdc139aadcf584ddee22c9b86446bab5635c9e6045f8 88348 request-tracker5_5.0.3+dfsg-1.debian.tar.xz
c13d56e62d8ef77fdbf0524ac1646117378803378e9240b2826f540bec6cb6ab 22317 request-tracker5_5.0.3+dfsg-1_amd64.buildinfo
Files:
1696c4fd66753b9230c6f44c6ff11d7d 6145 misc optional request-tracker5_5.0.3+dfsg-1.dsc
7e052f0715b42102e6387f6e398a6e87 3217706 misc optional request-tracker5_5.0.3+dfsg.orig-third-party-source.tar.gz
ec8a8fc2fbbf1ccebb4825ca0e2aeac5 18601901 misc optional request-tracker5_5.0.3+dfsg.orig.tar.gz
f52489a073fb418b7bc68a6bb672299e 455 misc optional request-tracker5_5.0.3+dfsg.orig.tar.gz.asc
e56b7db42dd0d1d5855089d688810e37 88348 misc optional request-tracker5_5.0.3+dfsg-1.debian.tar.xz
ce3fc248bc6303a3a80b282bba1e2c3d 22317 misc optional request-tracker5_5.0.3+dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEExgP8TmAPHOzRyNl8S1PZMeTT6GMFAmLY+aYACgkQS1PZMeTT
6GP5yg//Ufr28Yhrmt80zbQI7gbo6yV5kSc/hSIPHeAsnpZftwPrPF23unRC8Y/V
rubcZay115wzHUGud+x0GTNykjQFCcf5b6anXaCoB9IyQwD9/iveDiMLa+ZSg/y0
oDWpawrv+i6U672uRCBawiY7MulEqwfw1Lk06vPKq8O1fnbIo0V1awZw6GQh2KBA
/fJ/HIY3zwOz0SrLrM97XufJSZRiOQbz1AFAUv4fPrFC3XvVOw6YmoXSDv2b9xdL
1//gnnH6qVENWbkYn07e46pTeuIiH4u59udqfsGfHGKfKVNtMHWC1cymDxClSgsl
LNWwkMSGyhv5wjomo3WTzVKnXBTeQw6Yzv8NAguWEfpMZMozzgItUnJcONyP+HFC
bzE9da9YbwDBVmZ2zqLAGyYRSq1jTxYCWHvO5qCGZrI4CeSz/C/KALbfKYSxxvJ6
8Bg5on6nO6WEFJkzdAIgxniO6ZB1jSSA1IAreMZPC6n8rGAPFC6QhaRZlvchUVvK
Q8XpF5yFZJjraVEKofYiuzZJRZooVK9C4YlvgtR/iwoo2DtLCyJyUyWhWYzUSAJ8
qLq8IQ8IeePbcrh7j8YvLCwPSZGs+suIoZVYh9v8OEqgJ6DrHQvjV3TQKhHO5VQw
MoYWLT9AuWcx443QU9B6u7iHbDTIAksU2zchydjsPhZBiZF1CSw=
=RysF
-----END PGP SIGNATURE-----