Accepted request-tracker5 5.0.3+dfsg-3~deb12u2 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted request-tracker5 5.0.3+dfsg-3~deb12u2 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 04 Nov 2023 12:47:14 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: request-tracker5_5.0.3+dfsg-3~deb12u2_source.changes
- Debian-source: request-tracker5
- Debian-suite: proposed-updates
- Debian-version: 5.0.3+dfsg-3~deb12u2
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=b8gYQVhRiWSe86ot04LoCqGN+9Qqvk2/WlhzJ+6VM88=; b=lRHTphedW21n6Wvqhk8Tk+bxTQ 1sPrRIMwqVKXnF+hrNBl49r+6czDnaZNkPvLpkzNVwnUoUhIa3YrmYQNKd0fmSip0WLUWhymVDuij u6o5xPuVEz/+0T/fYz1tbE/4zl9V/Iv6969/v2D+sCC0YObXEF7VNiDzCIClAMh9gT/GbdU1JRREA bV3Vb/0EzjigVo09D1znP7qfGGS/Y0RIRdXIMhHjcOJC1QVApSc9B/u3b5wdSxoVoOdVRVk1zDeM8 PYHBA0XjBd/G4p695+OFnFxmcwJjwX1pFpiaMovIS6GYVBPeP5BZE940n5loZr0DD4Q9O98P0+C5C HtKlXYdw==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1qzG3W-001I8g-7v@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 25 Oct 2023 22:26:55 +1300
Source: request-tracker5
Architecture: source
Version: 5.0.3+dfsg-3~deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Andrew Ruthven <andrew@etc.gen.nz>
Changed-By: Andrew Ruthven <andrew@etc.gen.nz>
Closes: 1054517
Changes:
request-tracker5 (5.0.3+dfsg-3~deb12u2) bookworm-security; urgency=medium
.
* Apply upstream patch which fixes several security vulnerabilities
(Closes: #1054517).
- [CVE-2023-41259] Vulnerablility to unvalidated email headers in
incoming email and the mail-gateway REST interface.
- [CVE-2023-41620] Information leakage via response messages returned
from requests sent via the mail-gateway REST interface.
- [CVE-2023-45024] Information leakage via transaction searches made by
authenticated users in the transaction query builder.
- Reveal information about data on various RT objects in errors and other
response messages to REST 2 requests.
* Add upstream fix to tests for FTBFS due to expired certs.
Checksums-Sha1:
cdc312f25dc033bf49af2fff29bdd4748fed5fb6 6209 request-tracker5_5.0.3+dfsg-3~deb12u2.dsc
ef0b663b6363cabf3845f7f6bd5b508d66b0929e 3217706 request-tracker5_5.0.3+dfsg.orig-third-party-source.tar.gz
4f043bd95000923aa8189403b73f52b720c534de 18601901 request-tracker5_5.0.3+dfsg.orig.tar.gz
307b425a830f9ff3df679e2d365a02a8c566bdcb 455 request-tracker5_5.0.3+dfsg.orig.tar.gz.asc
6480d63d9a35346ded583ff33d9bf183684d3bd1 162216 request-tracker5_5.0.3+dfsg-3~deb12u2.debian.tar.xz
5aa286d0c12a22a2fc7cfaca9ce9b1dc72796e63 23916 request-tracker5_5.0.3+dfsg-3~deb12u2_amd64.buildinfo
Checksums-Sha256:
cbb6a74e3387753f7136d961fbdf7813ebf889463a56e171582f49becaf6ae2d 6209 request-tracker5_5.0.3+dfsg-3~deb12u2.dsc
49b856ff23be2f5265c7b3460ac3d49ef24e4462b8165d39fbb12b7776d0e66a 3217706 request-tracker5_5.0.3+dfsg.orig-third-party-source.tar.gz
e23aee3cb291ccad5e521aeabe0fcd2f076bcfa8b7f801af498a7505e53d8441 18601901 request-tracker5_5.0.3+dfsg.orig.tar.gz
6cfc32a9bf2d09768a5ac2b103f21d6675dfc3490c06190562296e5b2082ccce 455 request-tracker5_5.0.3+dfsg.orig.tar.gz.asc
0f24c6e744fa8be92842fedd14f9dd3e670bc33593a77eb1440a848ab7580095 162216 request-tracker5_5.0.3+dfsg-3~deb12u2.debian.tar.xz
6703816fa83d57d670a2a24ad471c8a4f71fb96d1d6f93ca356495cbec4af286 23916 request-tracker5_5.0.3+dfsg-3~deb12u2_amd64.buildinfo
Files:
4bb9137e3d4dcafebfc5991ee7bdf09a 6209 misc optional request-tracker5_5.0.3+dfsg-3~deb12u2.dsc
7e052f0715b42102e6387f6e398a6e87 3217706 misc optional request-tracker5_5.0.3+dfsg.orig-third-party-source.tar.gz
ec8a8fc2fbbf1ccebb4825ca0e2aeac5 18601901 misc optional request-tracker5_5.0.3+dfsg.orig.tar.gz
f52489a073fb418b7bc68a6bb672299e 455 misc optional request-tracker5_5.0.3+dfsg.orig.tar.gz.asc
609f0c35a0a02a5215fd8a7ec0994cd8 162216 misc optional request-tracker5_5.0.3+dfsg-3~deb12u2.debian.tar.xz
ed81b9680d57dbd50b5a98ff6fcd22c0 23916 misc optional request-tracker5_5.0.3+dfsg-3~deb12u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEExgP8TmAPHOzRyNl8S1PZMeTT6GMFAmU/dRMACgkQS1PZMeTT
6GNMRQ//aY2zzTUyOFU/2zoEE4+ZilA2TJkHuipIHVkK6B4una8iXW66eWzUZmoq
h6/q8X/lFOWRFFemnuPvDhJfPSE8xFvbL6uPJKc+jY8POk2vnRRRJm281e5PDQQe
4TmH9e0b006ZsHXzaO0VeeAm8hIoINmU550biPyrTUoF/DHdaTFCKNjvxKBShV9R
RWqfz2DSlVBqmzFlBh6yzuAIgmVreMldIpziNoT04RUywYZV71GjmAVnqN2j37gW
4g9g1cFZdCmeq6Yh8GitVVuJAZhRbGnOVKA2C6dsk3ombhjMtAtbLMh756K3n74/
4ZimizOXfPGZlq49ek4u/BefsO27aypuTu3BnFBRVOe7mRFGEKCgO9yqRgT5D+6l
HQWBBR1PvHp1LP/K4cpgjAtEIhz0EqqubKVcEVPV0Ko5ETDvI30bHixIz6+V6hUR
nIA4tUMzTXzWcmWD4z/rx1huD62tOamLWMGoNUEdj6YhEpeoGn/yGufkUyyFBxIo
7KNG8rYdUpGGNnQNeww1pt/f/uWq7HKq8qdTiOX5Gj3lJRDuiYSZoi9G1imAxi4K
H7GN1jUrmlrrrdbhZUbqdbBTjno9ToSGVziWna1LNBulCH89+KntB/ct9yMfrLxS
aszupcy3ptWLvaL7BknXFKzv7aZCAnYVbArX+UbSoN6fvfYqY2g=
=jboz
-----END PGP SIGNATURE-----