Format: 1.8
Date: Wed, 25 Oct 2023 22:26:55 +1300
Source: request-tracker5
Architecture: source
Version: 5.0.3+dfsg-3~deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Andrew Ruthven <andrew@etc.gen.nz>
Changed-By: Andrew Ruthven <andrew@etc.gen.nz>
Closes: 1054517
Changes:
 request-tracker5 (5.0.3+dfsg-3~deb12u2) bookworm-security; urgency=medium
 .
   * Apply upstream patch which fixes several security vulnerabilities
     (Closes: #1054517).
     - [CVE-2023-41259] Vulnerability to unvalidated email headers in
       incoming email and the mail-gateway REST interface.
     - [CVE-2023-41620] Information leakage via response messages returned
       from requests sent via the mail-gateway REST interface.
     - [CVE-2023-45024] Information leakage via transaction searches made by
       authenticated users in the transaction query builder.
     - Reveal information about data on various RT objects in errors and
       other response messages to REST 2 requests.
   * Add upstream fix to tests for FTBFS due to expired certs.