Format: 1.8
Date: Wed, 25 Oct 2023 22:32:15 +1300
Source: request-tracker4
Architecture: source
Version: 4.4.6+dfsg-1.1+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Andrew Ruthven <andrew@etc.gen.nz>
Changed-By: Andrew Ruthven <andrew@etc.gen.nz>
Closes: 1054516
Changes:
 request-tracker4 (4.4.6+dfsg-1.1+deb12u1) bookworm-security; urgency=medium
 .
   * Apply upstream patch which fixes several security vulnerabilities
     (Closes: #1054516).
     - [CVE-2023-41259] Vulnerability to unvalidated email headers in
       incoming email and the mail-gateway REST interface.
     - [CVE-2023-41260] Information leakage via response messages returned
       from requests sent via the mail-gateway REST interface.
   * Replace patches from 4.4.6+dfsg-1.1 with git-dpm managed patches:
     - Switch-to-Test-MockTime-HiRes-in-date-api-test.diff
     - Update-tests-for-EN-datetime-locale-change-to-space.diff
   * Add upstream fix to tests for FTBFS due to expired certs.