-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 22 May 2013 18:53:16 +0100
Source: request-tracker4
Binary: request-tracker4 rt4-clients rt4-fcgi rt4-apache2 rt4-db-postgresql rt4-db-mysql rt4-db-sqlite rt4-doc-html
Architecture: source all
Version: 4.0.12-2
Distribution: unstable
Urgency: high
Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>
Changed-By: Dominic Hargreaves <dom@earth.li>
Description:
 request-tracker4 - extensible trouble-ticket tracking system
 rt4-apache2 - Apache 2 specific files for request-tracker4
 rt4-clients - mail gateway and command-line interface to request-tracker4
 rt4-db-mysql - MySQL database backend for request-tracker4
 rt4-db-postgresql - PostgreSQL database backend for request-tracker4
 rt4-db-sqlite - SQLite database backend for request-tracker4
 rt4-doc-html - HTML documentation for request-tracker4
 rt4-fcgi - External FastCGI support for request-tracker4
Changes:
 request-tracker4 (4.0.12-2) unstable; urgency=high
 .
   * Multiple security fixes for:
     - Privileged user escalation (CVE-2012-4733)
     - Semi-predictable temporary file names (CVE-2013-3368)
     - Arbitrary Mason component execution (CVE-2013-3369)
     - Direct execution of private callback components (CVE-2013-3370)
     - XSS via attachment filenames and URLs in messages (CVE-2013-3371)
     - XSS via Content-Disposition header (CVE-2013-3372)
     - MIME header injection (CVE-2013-3373)
     - Limited session reuse when using Apache::Session::File
       (CVE-2013-3374)
   * Include database upgrade (dbconfig-common and NEWS)