On Tue, Sep 15, 2009 at 06:18:56PM +0100, Dominic Hargreaves wrote: > Package: request-tracker3.6 > Version: 3.6.7-5+lenny1 > Severity: important > Tags: security patch > > According to > > http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html > > RT 3.6 contains a security problem which affects configurations > populating Custom Fields using untrusted data. A patch is provided.
Hi security team, I have prepared an updated package to fix this issue according to the minimal patch included in the announcment. It's at http://svn.debian.org/wsvn/pkg-request-tracker/packages/request-tracker3.6/branches/lenny/#_packages_request-tracker3.6_branches_lenny_ Would you like to persue a DSA for this or should I send it to debian-release for a stable update? Thanks, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
