On Thu, Apr 14, 2011 at 04:38:33PM +0200, Stefan Hornburg (Racke) wrote: > package: request-tracker3.8 > tags: security > > This release of RT contains important bugfixes. You can download it from: > > http://download.bestpractical.com/pub/rt/release/rt-3.8.10.tar.gz > http://download.bestpractical.com/pub/rt/release/rt-3.8.10.tar.gz.sig > > SHA1 sums > > 98678a4ce4dbdfb13ceeeb88236d49bd0f5562c7 rt-3.8.10.tar.gz > 8e228df450d0cdc255e3db725b5bdf302771c75d rt-3.8.10.tar.gz.sig > > This release, in addition to being a bugfix release, also resolves a > number of security vulnerabilities. It resolves CVE-2011-1685, > CVE-2011-1686, CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, and > CVE-2011-1690.
I'll upload 3.8.10 to unstable later today. > This affects also RT 3.6 as in Lenny. I've submitted patches to the security team for 3.8 in squeeze and 3.6 in lenny already; they're also available at svn+ssh://svn.debian.org/svn/pkg-request-tracker/packages/request-tracker3.8/branches/squeeze svn+ssh://svn.debian.org/svn/pkg-request-tracker/packages/request-tracker3.6/branches/lenny Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org