-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 21 Jul 2022 17:06:28 +1200
Source: request-tracker5
Architecture: source
Version: 5.0.3+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Andrew Ruthven <andrew@etc.gen.nz>
Changed-By: Andrew Ruthven <andrew@etc.gen.nz>
Closes: 984676 985704 988905 995167
Changes:
 request-tracker5 (5.0.3+dfsg-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #988905).
   * Drop patches merged upstream:
     - use_webpath_for_relateddata_links.diff
     - rt-crypt-gnupg-combine-call.diff
   * Ensure package descriptions consistently refer to version 5
     (Closes: #984676).
   * Ensure a sane database admin user is specified for both PostgreSQL
     and MySQL.
   * Only create symlinks for the DB upgrade scripts we ship
     (Closes: #985704).
   * Fixes a security vulnerability that involves a login timing
     side-channel attack. This resolves CVE-2021-38562 (Closes: #995167)
   * Update fix_test_ldap_ipv4.diff for new test
     t/externalauth/ldap_email_login.t
   * Add missing dependencies on dbconfig-{mysql,postgresql,sqlite3}.
   * Refresh debian/copyright
   * Fix multiple security issues:
     - [CVE-2022-25803] RT 5.0 is vulnerable to unvalidated, or open,
       redirects in ticket searches.
     - [CVE-2022-25802] A cross-site scripting (XSS) issue when displaying
       attachment content with fraudulent content types. This
       vulnerability is assigned
     - Not performing full rights checks on access to file or image type
       custom fields, possibly allowing access to these custom fields by
       users without rights to access to the associated objects (like the
       ticket it is associated with).
   * RT is incompatible with Test::WWW::Mechanize 1.58, exclude that
     version.
   * Update upstream signing key.
   * Update Standards-Version to 4.6.1 (no changes)