-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Apr 2025 15:48:48 +1200
Source: request-tracker4
Architecture: source
Version: 4.4.6+dfsg-1.1+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Andrew Ruthven <andrew@etc.gen.nz>
Changed-By: Andrew Ruthven <andrew@etc.gen.nz>
Closes: 1068452
Changes:
 request-tracker4 (4.4.6+dfsg-1.1+deb12u2) bookworm-security; urgency=medium
 .
   * Apply upstream patches which fix several security vulnerabilities.
     - [CVE-2025-30087] Vulnerable to Cross Site Scripting via injection of
       malicious parameters in a search URL.
     - [CVE-2025-2545] RT uses the default OpenSSL cipher, 3DES (des3), for
       encrypting SMIME email. This is an outdated cipher algorithm, so the
       default is changed to aes-128-cbc. In addition, this is now
       configurable so you can pick an alternate cipher now or in the future,
       or revert to des3 if needed for compatibility.
   * [CVE-2024-3262] Cherry-pick upstream fixes (Closes: #1068452).
Checksums-Sha1:
 1da1b59a7d65eb8d1092921c6637b38eb04a01bb 5978 request-tracker4_4.4.6+dfsg-1.1+deb12u2.dsc
 1f4fac598e3e3b3e565266070031488658d81fee 153928 request-tracker4_4.4.6+dfsg-1.1+deb12u2.debian.tar.xz
 4c2b35f6d66adc70c16ee41723cc85f61a8486bc 20864 request-tracker4_4.4.6+dfsg-1.1+deb12u2_amd64.buildinfo
Checksums-Sha256:
 56a6e1c7e8aca242aa5fd356acfe4a6806ea08f512312faf18f69517369c9acd 5978 request-tracker4_4.4.6+dfsg-1.1+deb12u2.dsc
 e9445f8f55633a8107f78fee811194014d90dacb3ace36942556ee4e79e6d864 153928 request-tracker4_4.4.6+dfsg-1.1+deb12u2.debian.tar.xz
 1280df5f6607dcee8834c79b0661764183ef421aeab3c59acc24ff6162e5a304 20864 request-tracker4_4.4.6+dfsg-1.1+deb12u2_amd64.buildinfo
Files:
 7f823d0e88c2af8cb4922e88cc807478 5978 misc optional request-tracker4_4.4.6+dfsg-1.1+deb12u2.dsc
 e98953788e827da30a81fca18f59f667 153928 misc optional request-tracker4_4.4.6+dfsg-1.1+deb12u2.debian.tar.xz
 11a85b19a5a5db10ad63eca45b445163 20864 misc optional request-tracker4_4.4.6+dfsg-1.1+deb12u2_amd64.buildinfo