package: request-tracker3.8 tags: security This release of RT contains important bugfixes. You can download it from:
http://download.bestpractical.com/pub/rt/release/rt-3.8.10.tar.gz http://download.bestpractical.com/pub/rt/release/rt-3.8.10.tar.gz.sig SHA1 sums 98678a4ce4dbdfb13ceeeb88236d49bd0f5562c7 rt-3.8.10.tar.gz 8e228df450d0cdc255e3db725b5bdf302771c75d rt-3.8.10.tar.gz.sig This release, in addition to being a bugfix release, also resolves a number of security vulnerabilities. It resolves CVE-2011-1685, CVE-2011-1686, CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, and CVE-2011-1690. * Cleanups identified by perlcritic. * Clear the system attribute cache to avoid 'sticky' attributes like the queue subject tag. * Fix our signature escaping so we better match FCKEditor and don't misidentify signatures during processing. * Add the ability to create BasedOn Custom Fields from intiialdata * Provide a callback to affect the display format in admin pages * Fix id prefixing on Custom Fields to be RTIR compatible * Fix #16656 - Requestors with OwnTicket could show up in the owner list in other Queues. * Don't attach the original multipart mail to notifications that already contain one part of it. * Work around CGI.pm 3.51 and 3.52 which add ; charse=ISO-8859-1 to our utf-8 encoded javascript. This affects also RT 3.6 as in Lenny. Regards Racke -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org