-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 11 Jun 2017 01:03:32 +0100 Source: request-tracker4 Binary: request-tracker4 rt4-clients rt4-standalone rt4-fcgi rt4-apache2 rt4-db-postgresql rt4-db-mysql rt4-db-sqlite rt4-doc-html Architecture: all source Version: 4.4.1-3+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org> Changed-By: Dominic Hargreaves <dom@earth.li> Description: request-tracker4 - extensible trouble-ticket tracking system rt4-apache2 - Apache 2 specific files for request-tracker4 rt4-clients - mail gateway and command-line interface to request-tracker4 rt4-db-mysql - MySQL database backend for request-tracker4 rt4-db-postgresql - PostgreSQL database backend for request-tracker4 rt4-db-sqlite - SQLite database backend for request-tracker4 rt4-doc-html - HTML documentation for request-tracker4 rt4-fcgi - External FastCGI support for request-tracker4 rt4-standalone - Standalone web server support for request-tracker4 Changes: request-tracker4 (4.4.1-3+deb9u1) stretch-security; urgency=high . * Fix multiple security issues: - [CVE-2017-5943] CSRF verification token information leak - [CVE-2016-6127] XSS in file uploads - [CVE-2017-5361] Timing side-channel vulnerability in password verification - [CVE-2017-5944] Remote code execution in dashboard interface - Add check for incorrect RestrictLoginReferrer configuration setting * Work around a DoS vulnerability in Email::Address (CVE-2015-7686) Checksums-Sha1: 3fc2ec4f11bcf488d2a0ab8b7f1096e14770dba5 5484 request-tracker4_4.4.1-3+deb9u1.dsc 3d4f9fa07e52981f4ab7ce9c7a4a788a8d84d94e 1132767 request-tracker4_4.4.1.orig-third-party-source.tar.gz a3c7aa5398af4f53c947b4bee8c91cecd5beb432 9057212 request-tracker4_4.4.1.orig.tar.gz 18d742a0c0be00e62ca49ae7298a68e3501d22a4 83724 request-tracker4_4.4.1-3+deb9u1.debian.tar.xz 8c9e7ddd68c2d1c103504029ebc13411a15eb997 4267132 request-tracker4_4.4.1-3+deb9u1_all.deb 01370ed8cbfb8abf51c5243d3011fbc6684f830f 16784 request-tracker4_4.4.1-3+deb9u1_amd64.buildinfo 67b9b929e3ff762f8aecf9aa63d8f23c11441249 20602 rt4-apache2_4.4.1-3+deb9u1_all.deb d7cd97a513bd18e5553849146cea3e4651dcfff5 52978 rt4-clients_4.4.1-3+deb9u1_all.deb f2d3aa921110015d9c22b4b701431d0ff1822769 19878 rt4-db-mysql_4.4.1-3+deb9u1_all.deb f6667f8658680978d7d5c65a745ed72279f60da7 19862 rt4-db-postgresql_4.4.1-3+deb9u1_all.deb 735a28fba7e3b47ebbc206c5b1450533c84d2591 19970 rt4-db-sqlite_4.4.1-3+deb9u1_all.deb a14f30aad51ea53b514f918cb58bb9cb4a95752a 2049688 rt4-doc-html_4.4.1-3+deb9u1_all.deb d2841a86f5debd837cefc05f725cad3035978baf 22364 rt4-fcgi_4.4.1-3+deb9u1_all.deb 7e6a6f88965c720f315147ed3dcd5099b324e625 19348 rt4-standalone_4.4.1-3+deb9u1_all.deb Checksums-Sha256: 9327ab43f3d80d9ee7664d7fdc9b88651ece58830ffe2b9e6022ef2a1daccd06 5484 request-tracker4_4.4.1-3+deb9u1.dsc 5cdc9d979a44ac53aa67e2ddecc17477dbe53fa8be8b4147b5f9a3b83cabdaf8 1132767 request-tracker4_4.4.1.orig-third-party-source.tar.gz f87329911020e01b39948070aec2bd7abf0c81641f0cf2f25e01c690a19f24f5 9057212 request-tracker4_4.4.1.orig.tar.gz 18dee19af69ed818bf6179f6f59e977e0957c7cd9c438263f022e38309515ed2 83724 request-tracker4_4.4.1-3+deb9u1.debian.tar.xz 9da5dcf5e9e32d97a55841c57888cc599e05aa5768761e5a8313393daaecbc83 4267132 request-tracker4_4.4.1-3+deb9u1_all.deb a5c71b6a69a24283158400227f9ca2c8ca6b3e4826a50e9d1f5cded499dfb6a1 16784 request-tracker4_4.4.1-3+deb9u1_amd64.buildinfo 82c5e8078ba06b1c177a7c05f8d6aae115b460f17ced3993c80895b98500efba 20602 rt4-apache2_4.4.1-3+deb9u1_all.deb 5c3b2da6fa767109615efe27765eddfb721c2f1a984b2e77982b7f25cbe1e74a 52978 rt4-clients_4.4.1-3+deb9u1_all.deb 02c3a0a3c42f2102946f3880d81135e5a9975252789412008cdb1523acf314dc 19878 rt4-db-mysql_4.4.1-3+deb9u1_all.deb d25d003b0e90d742188cf812801d279b3c0b40021e04686fdc9d713241d196bc 19862 rt4-db-postgresql_4.4.1-3+deb9u1_all.deb f84a9c68e3b8970e7051f206ffcaded48d25dc36b45fc2e64a584e07688296ee 19970 rt4-db-sqlite_4.4.1-3+deb9u1_all.deb 3c5666499b42c5ed0a85d05affb5a87304651d266f196f70538f05968cec4e42 2049688 rt4-doc-html_4.4.1-3+deb9u1_all.deb 50bb277d75cab4362d6d1ae0d00165d115e29cfc3a8160547999f42283481467 22364 rt4-fcgi_4.4.1-3+deb9u1_all.deb 91d1911b7921dd3ef93d8b24fc02c7204a6227d8737abfb8a42a83377a697407 19348 rt4-standalone_4.4.1-3+deb9u1_all.deb Files: d62588d91859aae842cb6780b62c8f38 5484 misc optional request-tracker4_4.4.1-3+deb9u1.dsc 8b0d4487be2741b20083de3ac199cc72 1132767 misc optional request-tracker4_4.4.1.orig-third-party-source.tar.gz 3587522b92a02d3866e07dc9361ca1e2 9057212 misc optional request-tracker4_4.4.1.orig.tar.gz e0c2917474c3734266bf540ea4719da2 83724 misc optional request-tracker4_4.4.1-3+deb9u1.debian.tar.xz 7bf5213989a4d20ac9a90fddf066078d 4267132 misc optional request-tracker4_4.4.1-3+deb9u1_all.deb 1dd2ffe017a3eb815f5d8cbe63d5e939 16784 misc optional request-tracker4_4.4.1-3+deb9u1_amd64.buildinfo 67f6724ccb8c5b1891f7abdd83255c7c 20602 misc optional rt4-apache2_4.4.1-3+deb9u1_all.deb c79f49f08eb3c15b7352e9b2992588c1 52978 misc optional rt4-clients_4.4.1-3+deb9u1_all.deb 9516f92847a293ea392444aac58a6cbc 19878 misc optional rt4-db-mysql_4.4.1-3+deb9u1_all.deb d6a33d641213a10f129ba37fe50e222a 19862 misc optional rt4-db-postgresql_4.4.1-3+deb9u1_all.deb 189789bd9590f655437c38774e503644 19970 misc optional rt4-db-sqlite_4.4.1-3+deb9u1_all.deb e8143bda5e85029691ad2827d925e1a5 2049688 doc optional rt4-doc-html_4.4.1-3+deb9u1_all.deb 35ee76d32fc19906d3eae45cb2267c69 22364 misc optional rt4-fcgi_4.4.1-3+deb9u1_all.deb 339a1639c4b1fc9b55d424e408ed2165 19348 misc optional rt4-standalone_4.4.1-3+deb9u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJZQcuNAAoJEMAFfnFNaU+ycIkQALu3y/WNEGPFDQazy5LUAAxx yjprtRAK6OQspQ0EUa5KncILLp7XLC3K+b8fT6U0qbRAWfpESxHcn4IFTyqblXPJ zjr/1WERKI0a894zZ4shFmxa5n6PS0IHjf12WegpgJbx4fDvGOwIPxEhVqzsFmFZ Wh5YW0B29QN/4gyVjKfj2NTTpmxSr3jqegpkz9GPwu2p7dL/JZvuRuW+FsHtULWp xsMTh+o4Um0iAiTYFEuJbLUG20w/EkDENk0fkVJv8wT96pgX6RhQTLl4OSZp6mK5 LKtx9zfIBt4jHtJEJjzdmRKecceaesjoL1MfXEJ6FIj/DaL43aHPwc2ucr5Y7kdS U23rTWLNRc1hdI1oTsW7x/GotbH670cBmwR74/KDK8ZiDedAqsGp90ZbiGMJxqFG 18kmgd8y8f8gHv57fWsTF8tXz7QyLRcAHBAKrEN6hzZt+ZJdUqh0GFh/614ToXB9 r3KIv4PkaFPYgZtpOCU1z3TW1SjQ6KSHiwOLSKpKIIj5OhWsrZA5xiX9SKW1xH64 SI3r8LVaBUWOrBoik2mnEzzshCKqtpw5kzPrJJ28pz4DiwTF4cEU3TkjIYHL5TYu 51gtSaw8/VovT1fGooW9O/0XfYvf4ca3pdRJWAXKs/UsK64w9k5oD0TP9aiUINdg ag1fD/69sMZfy+OMdPsE =XIdU -----END PGP SIGNATURE-----