Format: 1.8
Date: Sat, 19 Apr 2025 12:40:58 +1200
Source: request-tracker4
Architecture: source
Version: 4.4.4+dfsg-2+deb11u4
Distribution: bullseye-security
Urgency: medium
Maintainer: Andrew Ruthven <andrew@etc.gen.nz>
Changed-By: Andrew Ruthven <andrew@etc.gen.nz>
Closes: 1068452 1104424
Changes:
 request-tracker4 (4.4.4+dfsg-2+deb11u4) bullseye-security; urgency=medium
 .
   * [CVE-2024-3262] Cherry-pick upstream fixes (Closes: #1068452).
   * Apply upstream patches which fix several security vulnerabilities
     (Closes: #1104424).
     - [CVE-2025-30087] Vulnerable to Cross Site Scripting via injection of
       malicious parameters in a search URL.
     - [CVE-2025-2545] RT uses the default OpenSSL cipher, 3DES (des3), for
       encrypting SMIME email. This is an outdated cipher algorithm, so the
       default is changed to aes-128-cbc. In addition, this is now
       configurable so you can pick an alternate cipher now or in the
       future, or revert to des3 if needed for compatibility
   * Cherry-pick upstream fix to GnuPG test.