request-tracker4 - Debian Package Tracker

general

source: request-tracker4 (main)
version: 4.4.7+dfsg-4
maintainer: Debian Request Tracker Group (archive) (DMD)
uploaders: Andrew Ruthven [DMD] – Niko Tyni [DMD] – Dominic Hargreaves [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.4.4+dfsg-2+deb11u3
o-o-sec: 4.4.4+dfsg-2+deb11u5
oldstable: 4.4.6+dfsg-1.1+deb12u2
old-sec: 4.4.6+dfsg-1.1+deb12u3
unstable: 4.4.7+dfsg-4

versioned links

4.4.4+dfsg-2+deb11u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.4.4+dfsg-2+deb11u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.4.6+dfsg-1.1+deb12u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.4.6+dfsg-1.1+deb12u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.4.7+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

request-tracker4 (10 bugs: 1, 5, 4, 0)
rt4-apache2
rt4-clients (3 bugs: 0, 0, 3, 0)
rt4-db-mysql
rt4-db-postgresql
rt4-db-sqlite
rt4-doc-html (1 bugs: 0, 0, 1, 0)
rt4-fcgi
rt4-standalone

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch source
  https://bestpractical.com/download-page

Created: 2025-11-26 Last update: 2026-01-17 12:00

A new upstream version is available: 4.4.9 high

A new upstream version 4.4.9 is available, you should consider packaging it.

Created: 2025-11-26 Last update: 2026-01-17 12:00

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2025-2545: Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could compromise the confidentiality of encrypted messages.
CVE-2025-30087: Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
CVE-2025-61873: Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.

Created: 2025-04-29 Last update: 2026-01-17 05:31

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2026-01-16 Last update: 2026-01-17 13:01

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2025-01-06 Last update: 2026-01-17 13:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.3 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-12-23 20:00

testing migrations

excuses:
- Migration status for request-tracker4 (- to 4.4.7+dfsg-4): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating request-tracker4 would introduce bugs in testing: #1030749, #1103555, #1104424, #1120003
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/r/request-tracker4.html
- ∙ ∙ Autopkgtest for request-tracker4/4.4.7+dfsg-4: amd64: No tests, superficial or marked flaky ♻, arm64: No tests, superficial or marked flaky ♻, i386: No tests, superficial or marked flaky ♻, ppc64el: No tests, superficial or marked flaky ♻, riscv64: No tests, superficial or marked flaky ♻, s390x: No tests, superficial or marked flaky ♻
- ∙ ∙ 392 days old (needed 5 days)
- Not considered

news

[rss feed]

[2025-11-01] Accepted request-tracker4 4.4.6+dfsg-1.1+deb12u3 (source all) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Andrew Ruthven)
[2025-10-26] Accepted request-tracker4 4.4.4+dfsg-2+deb11u5 (source) into oldoldstable-security (Andrew Ruthven) (signed by: Thorsten Alteholz)
[2025-10-22] Accepted request-tracker4 4.4.6+dfsg-1.1+deb12u3 (source all) into oldstable-security (Debian FTP Masters) (signed by: Andrew Ruthven)
[2025-05-07] Accepted request-tracker4 4.4.4+dfsg-2+deb11u4 (source) into oldstable-security (Andrew Ruthven)
[2025-05-03] Accepted request-tracker4 4.4.6+dfsg-1.1+deb12u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Andrew Ruthven)
[2025-04-30] Accepted request-tracker4 4.4.6+dfsg-1.1+deb12u2 (source) into stable-security (Debian FTP Masters) (signed by: Andrew Ruthven)
[2025-04-11] request-tracker4 REMOVED from testing (Debian testing watch)
[2024-12-26] request-tracker4 4.4.7+dfsg-4 MIGRATED to testing (Debian testing watch)
[2024-12-21] Accepted request-tracker4 4.4.7+dfsg-4 (source) into unstable (Andrew Ruthven)
[2024-10-03] request-tracker4 4.4.7+dfsg-3 MIGRATED to testing (Debian testing watch)
[2024-09-27] Accepted request-tracker4 4.4.7+dfsg-3 (source) into unstable (Andrew Ruthven)
[2024-08-18] request-tracker4 4.4.7+dfsg-2 MIGRATED to testing (Debian testing watch)
[2024-08-13] Accepted request-tracker4 4.4.7+dfsg-2 (source) into unstable (Andrew Ruthven)
[2024-06-06] request-tracker4 4.4.7+dfsg-1.1 MIGRATED to testing (Debian testing watch)
[2024-05-31] Accepted request-tracker4 4.4.7+dfsg-1.1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2023-11-07] Accepted request-tracker4 4.4.4+dfsg-2+deb11u3 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Andrew Ruthven)
[2023-11-04] Accepted request-tracker4 4.4.6+dfsg-1.1+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Andrew Ruthven)
[2023-10-31] request-tracker4 4.4.7+dfsg-1 MIGRATED to testing (Debian testing watch)
[2023-10-30] Accepted request-tracker4 4.4.3-2+deb10u3 (source) into oldoldstable (Andrew Ruthven)
[2023-10-30] Accepted request-tracker4 4.4.6+dfsg-1.1+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Andrew Ruthven)
[2023-10-30] Accepted request-tracker4 4.4.4+dfsg-2+deb11u3 (source) into oldstable-security (Debian FTP Masters) (signed by: Andrew Ruthven)
[2023-10-29] Accepted request-tracker4 4.4.7+dfsg-1 (source) into unstable (Andrew Ruthven)
[2023-10-10] request-tracker4 4.4.6+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-10-10] request-tracker4 4.4.6+dfsg-2 MIGRATED to testing (Debian testing watch)
[2023-10-05] Accepted request-tracker4 4.4.6+dfsg-2 (source) into unstable (Andrew Ruthven)
[2023-03-08] request-tracker4 4.4.6+dfsg-1.1 MIGRATED to testing (Debian testing watch)
[2023-02-25] Accepted request-tracker4 4.4.6+dfsg-1.1 (source) into unstable (Adrian Bunk)
[2022-07-22] request-tracker4 4.4.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2022-07-19] Accepted request-tracker4 4.4.6+dfsg-1 (source) into unstable (Andrew Ruthven)
[2022-07-15] Accepted request-tracker4 4.4.3-2+deb10u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Dominic Hargreaves)

bugs [bug history graph]

all: 20
RC: 2
I&N: 7
M&W: 9
F&P: 2
patch: 2

links

homepage
lintian
buildd: logs
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (98, 61)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.4.7+dfsg-4syncable1
13 bugs