-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 14 Apr 2011 18:37:55 +0100 Source: request-tracker3.8 Binary: request-tracker3.8 rt3.8-clients rt3.8-apache2 rt3.8-db-postgresql rt3.8-db-mysql rt3.8-db-sqlite Architecture: source all Version: 3.8.10-1 Distribution: unstable Urgency: high Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org> Changed-By: Dominic Hargreaves <dom@earth.li> Description: request-tracker3.8 - extensible trouble-ticket tracking system rt3.8-apache2 - Apache 2 specific files for request-tracker3.8 rt3.8-clients - mail gateway and command-line interface to request-tracker3.8 rt3.8-db-mysql - MySQL database backend for request-tracker3.8 rt3.8-db-postgresql - PostgreSQL database backend for request-tracker3.8 rt3.8-db-sqlite - SQLite database backend for request-tracker3.8 Closes: 622774 Changes: request-tracker3.8 (3.8.10-1) unstable; urgency=high . * New upstream release; includes multiple security fixes (Closes: #622774): - Remote code execution in external custom fields (CVE-2011-1685) - Information disclosure via SQL injection (CVE-2011-1686) - Information disclosure via search interface (CVE-2011-1687) - Information disclosure via directory traversal (CVE-2011-1688) - User javascript execution via XSS vulnerability (CVE-2011-1689) - Authentication credentials theft (CVE-2011-1690) * Update Standards-Version (no changes) Checksums-Sha1: e4c005d046bcd5de8b25ac4a208cd3984c397bde 1603 request-tracker3.8_3.8.10-1.dsc 98678a4ce4dbdfb13ceeeb88236d49bd0f5562c7 5642566 request-tracker3.8_3.8.10.orig.tar.gz b78443ab5627c04c60ed898b3732b80dab78ef84 73996 request-tracker3.8_3.8.10-1.diff.gz 29a4e868b347ac385e6ac740d4403ce9f3ac2136 5165144 request-tracker3.8_3.8.10-1_all.deb 22820277b5f371e280a58521c4be32919462f833 48246 rt3.8-clients_3.8.10-1_all.deb 5cba6f65536a0ec2b9c5181651e74d25b86bdbca 13570 rt3.8-apache2_3.8.10-1_all.deb 14e735d48276dc76ab63cddf64f569f4613e3d75 12250 rt3.8-db-postgresql_3.8.10-1_all.deb 13dfbd9b41f53ad00341d83eaf0c552ba6a35b7b 12250 rt3.8-db-mysql_3.8.10-1_all.deb 8679c4275da52fd1640ebaa83105cf0afc2b86db 12344 rt3.8-db-sqlite_3.8.10-1_all.deb Checksums-Sha256: bdd7abb12071b39900d2fbe29b1aae28d0ff9391fdf590cfcf319f80622f5c73 1603 request-tracker3.8_3.8.10-1.dsc d121ec6463ce919cef74c3ce3ab7e7213cb235726d05abd26c717a7eab6c1448 5642566 request-tracker3.8_3.8.10.orig.tar.gz ff1e64aa7c5be1136dddb72de265cce75277547333cbde9593818332d4b52666 73996 request-tracker3.8_3.8.10-1.diff.gz 251272ae5b66d0dfccfa55ef0f23d6a6a201fae1d5d4d852422dbf683bc80fce 5165144 request-tracker3.8_3.8.10-1_all.deb 163833928ed7b78f4e119f08e9af04a589aa8caffbdc95d56052179f726a6f59 48246 rt3.8-clients_3.8.10-1_all.deb 7c0627740aa9f834c00a496ff9f582c0b132f30e37f52d904ffc70a75a6c52af 13570 rt3.8-apache2_3.8.10-1_all.deb e57be2f8ce4adef77d2447c8fe5c52c4f28532b0a352ceaacf5cde3453ccf772 12250 rt3.8-db-postgresql_3.8.10-1_all.deb b4dba76d7fd81bb788db1b86ccd7546501d1cf8ad3df14768fae8748cbc1263c 12250 rt3.8-db-mysql_3.8.10-1_all.deb 3be4a11ab16d89ea86581e0152a19025d24caa5c8c5c70d6956082483f636055 12344 rt3.8-db-sqlite_3.8.10-1_all.deb Files: b8e64ea9a36162232d40ba03438c1b1f 1603 misc optional request-tracker3.8_3.8.10-1.dsc 00c147d71476d032d33dbad76bdc06ff 5642566 misc optional request-tracker3.8_3.8.10.orig.tar.gz 48ebb61a57cf6078b6b30088c815ba6b 73996 misc optional request-tracker3.8_3.8.10-1.diff.gz 3201d27ad3c05ea0b7bbf26663336b2c 5165144 misc optional request-tracker3.8_3.8.10-1_all.deb 17ca06e586ff7bcf63b94e4e73a00b22 48246 misc optional rt3.8-clients_3.8.10-1_all.deb 19825e80298d4ef390bb6d6208b94080 13570 misc optional rt3.8-apache2_3.8.10-1_all.deb 3edb295cf9cde06912ba759fc60af683 12250 misc optional rt3.8-db-postgresql_3.8.10-1_all.deb efdbe7ad74117d6e4cd02a23f7f70b7a 12250 misc optional rt3.8-db-mysql_3.8.10-1_all.deb 4d63690b10528c5bec3034aa7e2b8321 12344 misc optional rt3.8-db-sqlite_3.8.10-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFNpzEtYzuFKFF44qURAqTYAKCq3f6ZU9hI/JBxf2iwFGARf8cEgACgkfkE nhEs8/YdT8OYDhfDMfrGAwQ= =aI6H -----END PGP SIGNATURE----- Accepted: request-tracker3.8_3.8.10-1.diff.gz to main/r/request-tracker3.8/request-tracker3.8_3.8.10-1.diff.gz request-tracker3.8_3.8.10-1.dsc to main/r/request-tracker3.8/request-tracker3.8_3.8.10-1.dsc request-tracker3.8_3.8.10-1_all.deb to main/r/request-tracker3.8/request-tracker3.8_3.8.10-1_all.deb request-tracker3.8_3.8.10.orig.tar.gz to main/r/request-tracker3.8/request-tracker3.8_3.8.10.orig.tar.gz rt3.8-apache2_3.8.10-1_all.deb to main/r/request-tracker3.8/rt3.8-apache2_3.8.10-1_all.deb rt3.8-clients_3.8.10-1_all.deb to main/r/request-tracker3.8/rt3.8-clients_3.8.10-1_all.deb rt3.8-db-mysql_3.8.10-1_all.deb to main/r/request-tracker3.8/rt3.8-db-mysql_3.8.10-1_all.deb rt3.8-db-postgresql_3.8.10-1_all.deb to main/r/request-tracker3.8/rt3.8-db-postgresql_3.8.10-1_all.deb rt3.8-db-sqlite_3.8.10-1_all.deb to main/r/request-tracker3.8/rt3.8-db-sqlite_3.8.10-1_all.deb