-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 15 Jul 2022 23:42:26 +1200 Source: request-tracker4 Architecture: source Version: 4.4.6+dfsg-1 Distribution: unstable Urgency: high Maintainer: Andrew Ruthven <andrew@etc.gen.nz> Changed-By: Andrew Ruthven <andrew@etc.gen.nz> Closes: 1011845 Changes: request-tracker4 (4.4.6+dfsg-1) unstable; urgency=high . * New upstream release. * Skip check for Mozilla::CA module to allow make testdeps to succeed. * Add third-party-source tarball to d/watch. * Update fix_test_ldap_ipv4.diff for new test t/externalauth/ldap_email_login.t * Add some missing dependencies (Closes: #1011845). * Fix multiple security issues: - [CVE-2022-25802] A cross-site scripting (XSS) issue when displaying attachment content with fraudulent content types. This vulnerability is assigned - Not performing full rights checks on access to file or image type custom fields, possibly allowing access to these custom fields by users without rights to access to the associated objects (like the ticket it is associated with). * Add missing dependencies on dbconfig-{mysql,postgresql,sqlite3}. * Refresh debian/copyright Checksums-Sha1: 39bb4e8180fe62cf7ca9c9c39a864c06a439d887 5906 request-tracker4_4.4.6+dfsg-1.dsc a94cec5d6a6068fb07b8545343400a45b13214e6 3175260 request-tracker4_4.4.6+dfsg.orig-third-party-source.tar.gz 42047a4f7dc71c6fd51749c82aed3d6c3364f32a 10783318 request-tracker4_4.4.6+dfsg.orig.tar.gz 605eccf4536aa753c59e8daae593db36cb396050 455 request-tracker4_4.4.6+dfsg.orig.tar.gz.asc 8acb66d07225f9e74763a8c09acec8e6493eeb26 82928 request-tracker4_4.4.6+dfsg-1.debian.tar.xz 0efdbcb3b193c0bb1229c97070c4bea87f9e1fc7 19753 request-tracker4_4.4.6+dfsg-1_amd64.buildinfo Checksums-Sha256: 166874d42cee4d4d8ae6bde5a6c28f679b0e80cae6d77e7ea3cfbcddb9d780cd 5906 request-tracker4_4.4.6+dfsg-1.dsc c60bce0df49c477ae50f61836dccdfd63a2bd6abb696e093688c15be7f0966a3 3175260 request-tracker4_4.4.6+dfsg.orig-third-party-source.tar.gz 1eff5bd9e556b5d6682ccd0e5b2f3dcc2c49a9ec4e215dadb90c4caf5e435e9e 10783318 request-tracker4_4.4.6+dfsg.orig.tar.gz f93cefaa0c4d5047118168aa2212752fe4e5906d8696bcf8fc287a2345b53a71 455 request-tracker4_4.4.6+dfsg.orig.tar.gz.asc 644758b5be73dd411c0b53075f5d9f4a88d2f4964c9e8c2392a00379508ede5b 82928 request-tracker4_4.4.6+dfsg-1.debian.tar.xz 5545daeff2fd173bfadf3dec0d08855bc3fe358b2e2c32d6bf8a4080d1cf22c3 19753 request-tracker4_4.4.6+dfsg-1_amd64.buildinfo Files: d69b220bc8801528e6e5de100df30884 5906 misc optional request-tracker4_4.4.6+dfsg-1.dsc 1fe827bf2c3d69960d70627209c49b9d 3175260 misc optional request-tracker4_4.4.6+dfsg.orig-third-party-source.tar.gz a34cde135dd5407df89d4a7ac752252f 10783318 misc optional request-tracker4_4.4.6+dfsg.orig.tar.gz 22d6678e6122cbdf290bbcc7d66ed6ca 455 misc optional request-tracker4_4.4.6+dfsg.orig.tar.gz.asc 69a7522231cc0f81824207b7103ecc20 82928 misc optional request-tracker4_4.4.6+dfsg-1.debian.tar.xz 5ebdc785a0b86c549596c99f789cb46c 19753 misc optional request-tracker4_4.4.6+dfsg-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEExgP8TmAPHOzRyNl8S1PZMeTT6GMFAmLWhFMACgkQS1PZMeTT 6GOk0Q//SGhPD5sQqRlJVMiqp+3RydYPBuPjrKZRy2946ENXofd7feJ26Tif/2eC hKBdmynSZhbfTZwlL+bDBrazh+ijv/ZORvd0TFDqg0smqXy0hKLXZtY5UAXkdifE BoQdrJhWiubjbs8Irz+JiggazLcKAZpIBi5buhR3vhbR14Kvc10m77lqzVjNaql2 yfVUTN2+cS+5uDZkYkTWyPm5ZchKly8S9t/mGBS4hwMOS7VwK+8wDjxIuFLatZza WkYqWzZjpvvoqSmMFL80k7GCu5XUyyFpf5pl89k90cyRQWk4NChd6QSLU/fu0Gpr 5FOEUZpuzND3zHPbU5dul/0jgnfNHji9ax3v5p8a9stDX1OnC4pXdnLMAbN8Kt3i TdjlwE3n487vC2kL7NDPRashBpoov1IDZU4PwGhN5/abf7msEGQYVM90KFWuvJQX mi6VPmxxw2gnfXe2SVvdMRF6zU/q2WYufkVCplbHkQw7SM+hmhLXJDtyWVvRwJfA ZdzvKHI0hsghQGLlYOeCjCxQTG6JSXdA0FqqGZRMzEOJx/k3b+1w/z8cAm5JjsrG NKO0JRzcTNgMNVlg3Bfs06lhjQCEksPsXSSi0p2YwaYe+CEKat009TMpmD8wDVzE AhtCPdEm+lbJQimm4e57VPAm4eozO2GZH9ha9AqjYJnAEUFpCyk= =8eu3 -----END PGP SIGNATURE-----
