-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 29 Oct 2023 13:42:33 +1300 Source: request-tracker5 Architecture: source Version: 5.0.5+dfsg-1 Distribution: unstable Urgency: high Maintainer: Andrew Ruthven <andrew@etc.gen.nz> Changed-By: Andrew Ruthven <andrew@etc.gen.nz> Closes: 1054517 Changes: request-tracker5 (5.0.5+dfsg-1) unstable; urgency=high . * New upstream release (Closes: #1054517). - [CVE-2023-41529] Vulnerablility to unvalidated email headers in incoming email and the mail-gateway REST interface. - [CVE-2023-41620] Information leakage via response messages returned from requests sent via the mail-gateway REST interface. - [CVE-2023-45024] Information leakage via transaction searches made by authenticated users in the transaction query builder. - Reveal information about data on various RT objects in errors and other response messages to REST 2 requests. * Drop patches no longer needed: - Update-expired-certificates.diff - Update-legacy-timezones.diff - install_rt-clean-shorteners.diff * Drop patches merged upstream: - fcgi_client_sigpipe.diff - fix_pod_rt_munge_attachments.diff * Add autopkgtests. Checksums-Sha1: 51eb2a2620e90fed2c7f5a440b702c76226a260e 6262 request-tracker5_5.0.5+dfsg-1.dsc fc77d6d5b743c92a65edd55e3a51dc02494b7c0d 3271862 request-tracker5_5.0.5+dfsg.orig-third-party-source.tar.gz b94ac7c237d108da79474f0250b83f92c6607a78 19055361 request-tracker5_5.0.5+dfsg.orig.tar.gz 83547a7ccc587e1801af355d7ff333a682bb3ab3 488 request-tracker5_5.0.5+dfsg.orig.tar.gz.asc dbc079772f81664c8283af82d0b945ea9c240dea 144360 request-tracker5_5.0.5+dfsg-1.debian.tar.xz 8d97778f2b5a319183c0721f0b1e659f739ee4a1 23662 request-tracker5_5.0.5+dfsg-1_amd64.buildinfo Checksums-Sha256: edc7c567e7247e5eeb24e3da1a299f552705f41b13ac44b0c519fd3a44c28233 6262 request-tracker5_5.0.5+dfsg-1.dsc 420ef039ded33e2a9b75a092a867ff4510d6da0725471427abcabbfb6aa66bf9 3271862 request-tracker5_5.0.5+dfsg.orig-third-party-source.tar.gz 90f845daaa436198c334b6e9cf5afb1df9f4445dcc165d0bcae35de9eb9be8ef 19055361 request-tracker5_5.0.5+dfsg.orig.tar.gz 0c6f256434ae9d18e08e5267ae0dd6af817378c48a01e9bdc49a7cadbe43c47a 488 request-tracker5_5.0.5+dfsg.orig.tar.gz.asc 8c8ee28536477cb2049e3db873c2a45526397306d8f6c03e5288c0856559447d 144360 request-tracker5_5.0.5+dfsg-1.debian.tar.xz f0199ad2a500568ddc8cf7ef8d166ddc586509b3aeb7c4cd8a61324df01570a6 23662 request-tracker5_5.0.5+dfsg-1_amd64.buildinfo Files: 5da7fde44dffcf333efc1695dfcbc143 6262 misc optional request-tracker5_5.0.5+dfsg-1.dsc 679ce43ff1559c1036b1cdb0864d8473 3271862 misc optional request-tracker5_5.0.5+dfsg.orig-third-party-source.tar.gz 01a9c4c82fe05e890db36e78f3a4c935 19055361 misc optional request-tracker5_5.0.5+dfsg.orig.tar.gz ba15b59fe30b44e49b58d9d231d66999 488 misc optional request-tracker5_5.0.5+dfsg.orig.tar.gz.asc d6c7680270710afe3c72b0c5ac21255e 144360 misc optional request-tracker5_5.0.5+dfsg-1.debian.tar.xz f37095806cee3cf3fea80e11de280cb6 23662 misc optional request-tracker5_5.0.5+dfsg-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEExgP8TmAPHOzRyNl8S1PZMeTT6GMFAmU+CYoACgkQS1PZMeTT 6GMoFw/+O2M/uA6OAtbXE35w+7GXtu44WBwtl41jP43o0qSUXz+iBDaRVA60+YHD zlI7ufQXDWzFuD0H2Uaa/u020c5oraGAu0yFI3unsXZrBTF0ZVs6Fl342FrbOspJ PqOdTvdJ6eTNFG0yw4B9ivyU6D+QA1h8k1yL+tG8wFcrGFX90j5OiW0lTk7d8ry0 pZMdmnciSIVXAucfLLS42etcmVumW4O8wEoAkg5d5hZUDNaEONaIRekZKEUheH3Q 76AUeEfj/BNFdmOFr+4dQA1zZPLjdw4hwB0t8Wf2SUy8atnWoOklGQhjZkzg/eI/ SzSlso4vnFbtzDHdqMzk23G9mFecaCVxJTBGhJYcefC3IUje/SPvLTsqtpZ2LabQ qlsSqOXY9tQuUHpPmD6dhzs3HsoQvMbiy22/cqR/RtkjHBTljhWmnS9bbbHAeY8y TDce7cRFhGCS6gUjqB91oM/mF131SN+EXhVCWCcuYU0m1pUdKlJCj+q+3QGHvAHe 81TiMKvxjtCHy3REvr/SyJGq7bXaXLelTai/hK6lqlaESRHFe9kDjizcONlfi/oI 2iBCqMaAxhD9aVrjQJglK50ietFRSHZBlL97ThX1RfwWTf8OOX2aUilKlo/2vx9N 9ckQ7U24B2AnHzuXrGaw39g8iZjh6ILZxOsANqqIX8oelEkS6d8= =lYFY -----END PGP SIGNATURE-----
