Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted request-tracker5 5.0.7+dfsg-4+deb13u1 (source all) into stable-security
Date: Wed, 22 Oct 2025 20:39:01 +0000
Signed by: Andrew Ruthven <andrew@etc.gen.nz>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Oct 2025 21:16:58 +1300
Source: request-tracker5
Binary: request-tracker5 rt5-apache2 rt5-clients rt5-db-mysql rt5-db-postgresql rt5-db-sqlite rt5-doc-html rt5-fcgi rt5-standalone
Architecture: source all
Version: 5.0.7+dfsg-4+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Andrew Ruthven <andrew@etc.gen.nz>
Changed-By: Andrew Ruthven <andrew@etc.gen.nz>
Description:
 request-tracker5 - extensible trouble-ticket tracking system
 rt5-apache2 - Apache 2 specific files for request-tracker5
 rt5-clients - mail gateway and command-line interface to request-tracker5
 rt5-db-mysql - MySQL database backend for request-tracker5
 rt5-db-postgresql - PostgreSQL database backend for request-tracker5
 rt5-db-sqlite - SQLite database backend for request-tracker5
 rt5-doc-html - HTML documentation for request-tracker5
 rt5-fcgi   - External FastCGI support for request-tracker5
 rt5-standalone - Standalone web server support for request-tracker5
Changes:
 request-tracker5 (5.0.7+dfsg-4+deb13u1) trixie-security; urgency=medium
 .
   * Apply upstream patch which fixes several security vulnerabilities:
     - [CVE-2025-61873] Fix CSV injection via ticket values with special
       characters that are exported to a TSV from search results.
     - [CVE-2025-9158] Fix XSS via calendar invitations added to a ticket.
Checksums-Sha1:
 68ef7dc492459031cf1b1ca221927d14923de8f8 6044 request-tracker5_5.0.7+dfsg-4+deb13u1.dsc
 602bc9baafdd591bcc3b17c344cb5f6f41cbd395 3271953 request-tracker5_5.0.7+dfsg.orig-third-party-source.tar.gz
 81da562fce8b328c3c257a26fa2ea80281b2f7e2 19782235 request-tracker5_5.0.7+dfsg.orig.tar.gz
 3a4bd89084e42a5bdfc908f3bce363dba28aa986 131904 request-tracker5_5.0.7+dfsg-4+deb13u1.debian.tar.xz
 d5b0db29f60de584ef13b5928e55470d47f603a8 12953616 request-tracker5_5.0.7+dfsg-4+deb13u1_all.deb
 09e7769289a96c487005b5950e76bad54881e75d 25039 request-tracker5_5.0.7+dfsg-4+deb13u1_amd64.buildinfo
 40ca4ac186ff92b2cd84270dafab1de08b58fd47 20444 rt5-apache2_5.0.7+dfsg-4+deb13u1_all.deb
 f7fe04f71fb775da4188a622096ea0896aa82e59 50836 rt5-clients_5.0.7+dfsg-4+deb13u1_all.deb
 06b23585f1cab4c9536b4447140443155cab2d95 19776 rt5-db-mysql_5.0.7+dfsg-4+deb13u1_all.deb
 d8a533146478bbe24c58a5d31d98b540a922a8fb 19756 rt5-db-postgresql_5.0.7+dfsg-4+deb13u1_all.deb
 d37e40ebef682e9f0ed3ee0228836fca7b591edd 19876 rt5-db-sqlite_5.0.7+dfsg-4+deb13u1_all.deb
 a190ad131114ca92ead5d63d0e41955d6a7a723a 5289040 rt5-doc-html_5.0.7+dfsg-4+deb13u1_all.deb
 20fd63ab5d231570f666078618e2d4169fcf22c7 22600 rt5-fcgi_5.0.7+dfsg-4+deb13u1_all.deb
 0363220b87c884261b62777ea67e818de9955efc 19236 rt5-standalone_5.0.7+dfsg-4+deb13u1_all.deb
Checksums-Sha256:
 20313a163949b54df895737e55cd20388cdc2d361fe93537f88cce12058104ad 6044 request-tracker5_5.0.7+dfsg-4+deb13u1.dsc
 88a059ec2a239f39f2a89d9df42b76b0860f35c0e484eb9eaba0adb9571b9d6f 3271953 request-tracker5_5.0.7+dfsg.orig-third-party-source.tar.gz
 1a1a4838979f08c58e67642686e4fd980e1f4ee98e144ff8a56f870f37162cce 19782235 request-tracker5_5.0.7+dfsg.orig.tar.gz
 f2e50b67cb4e47230457f4b1f5397a61c4ecb76ae2b670d90e1b4bf1bde03336 131904 request-tracker5_5.0.7+dfsg-4+deb13u1.debian.tar.xz
 735c3315f3d0112a7c31221e51b95c0ce79edb17243cc7cfa03bb7864c6ca100 12953616 request-tracker5_5.0.7+dfsg-4+deb13u1_all.deb
 b17bdc3bcab4736f36968fbde210967e5e41f1f6f240713c63eefda2c10efc5d 25039 request-tracker5_5.0.7+dfsg-4+deb13u1_amd64.buildinfo
 d0e3b53e7099cd99133abdf147a3dade1c5849251b5ac183cfb559c37ee87e36 20444 rt5-apache2_5.0.7+dfsg-4+deb13u1_all.deb
 e154a330ad54495ec9004940b5aec46c2a4d7d36d7a582de56f5e020750b7059 50836 rt5-clients_5.0.7+dfsg-4+deb13u1_all.deb
 d7632e195502fb29f2e2a214acc07e7b2aea055ce1ebbc211a542fa4c1ed312f 19776 rt5-db-mysql_5.0.7+dfsg-4+deb13u1_all.deb
 1b2ac2a513993f4fe042df02107f6d8491ac1b993fc05687325b1f56c10beca6 19756 rt5-db-postgresql_5.0.7+dfsg-4+deb13u1_all.deb
 6118899cbc2427d1e22cb42e70865f08762e3b426059e9f5191b5c2633215775 19876 rt5-db-sqlite_5.0.7+dfsg-4+deb13u1_all.deb
 c46a5a107aedeb06efa2d297e140e0cbc384f44595543dab29e7dcfe9111ed13 5289040 rt5-doc-html_5.0.7+dfsg-4+deb13u1_all.deb
 d6c067c970f022f948ebf4340024f1e4707aea384955ae1fe07d13d3072c3e44 22600 rt5-fcgi_5.0.7+dfsg-4+deb13u1_all.deb
 fd78ffb002a3d2988172a21c5838dbc5781948bf435a622aac1104b9e0cd1b76 19236 rt5-standalone_5.0.7+dfsg-4+deb13u1_all.deb
Files:
 4752ef725903867fb135e1854dbd8150 6044 misc optional request-tracker5_5.0.7+dfsg-4+deb13u1.dsc
 106021a3f34ed5960d28bdeea1b1bf37 3271953 misc optional request-tracker5_5.0.7+dfsg.orig-third-party-source.tar.gz
 3465862785bbecb827e5cab426a0d5eb 19782235 misc optional request-tracker5_5.0.7+dfsg.orig.tar.gz
 5f715b15ebc7dccd95c3695394abfeee 131904 misc optional request-tracker5_5.0.7+dfsg-4+deb13u1.debian.tar.xz
 2169116440ebc09b6599ccc1485d5b5f 12953616 misc optional request-tracker5_5.0.7+dfsg-4+deb13u1_all.deb
 f5279e7e90e20658681e7faef6eac9da 25039 misc optional request-tracker5_5.0.7+dfsg-4+deb13u1_amd64.buildinfo
 d2cef567c2ede7e78e01acc333737909 20444 misc optional rt5-apache2_5.0.7+dfsg-4+deb13u1_all.deb
 5eb669d3e7f6559effb0f2a5e2783d96 50836 misc optional rt5-clients_5.0.7+dfsg-4+deb13u1_all.deb
 840799d90c75d70bbacf1a3c8fb2423c 19776 misc optional rt5-db-mysql_5.0.7+dfsg-4+deb13u1_all.deb
 0d57185d604d8b9d8ff91dbfab124573 19756 misc optional rt5-db-postgresql_5.0.7+dfsg-4+deb13u1_all.deb
 1bb20f382ba2ff0883830fc899913762 19876 misc optional rt5-db-sqlite_5.0.7+dfsg-4+deb13u1_all.deb
 bfa5022f4cb8fa5aa99a90970600b842 5289040 doc optional rt5-doc-html_5.0.7+dfsg-4+deb13u1_all.deb
 0ed0903ef7fff746c971f6bfaa767c7a 22600 misc optional rt5-fcgi_5.0.7+dfsg-4+deb13u1_all.deb
 d5472de45dadd3006dc31bea8040b8b3 19236 misc optional rt5-standalone_5.0.7+dfsg-4+deb13u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEExgP8TmAPHOzRyNl8S1PZMeTT6GMFAmj0ONQACgkQS1PZMeTT
6GOVfxAAqbSV6f4+ws4NDlFRBEK2JvMfCzQ2BvkeDODcBoByLR1egEqoS9vSrCMB
lLr9uAupFP7xw6uE/imakBoVJ0n7wGbYMvyRo+EsiK70+AyZk4M/sCEQhKbdNGsw
c/A60/BUQqsXjUcye22GuMy2BTYj6troZT8XYdGEjegHbHttNtvCe5zNLxJnhlaA
9V0ZO6qda0jRjxNBRChEXI9bcC5GZrq1HQAH7OG27WkeWjhxZpZDjd6NETCLMX1j
Ct5Y+uJcjsBtcaqgFRN1J9rU31a+d1ubQjZxISy0mudlF/6J2KDeSDIqHuFqJ6Kq
TX2bnlkQgQg+Mb1AcheVFmQCkSGQOj/+Ef4H/i55sVKaHhK5JpWlMXkuirazkhvH
U9dUPzpPyT5ujkOB0QvSHP4gXd5f623EedMUP4siraBRs8zli4CEY6Uj0m9iLd1+
wx8zpKfB8HB9wOWZ118WVAmaaW2R0IPuTTQabLFaZklX8WhrFJacOk956M7VVZvo
VKX5m6rbTsnlYcc0e6lpuKqztoSVHAKPb/cCfbn8H7XMlUgi7XgU9wMBcDeyOiZ3
4uIMP7VddQFfPGtD3wVXXDT4N03KvWwF4Yz7v9B5L/OYh12SI7sLItctHMI+FFW2
vh+4mi7l3FYv1NiXOJT9wZFY+qY3b5nZqTfXn+Ug4AJbmGh1a20=
=7S61
-----END PGP SIGNATURE-----
News for package request-tracker5
