Package: request-tracker3.8 Version: 3.8.8-7+squeeze2 Severity: grave Justification: renders package unusable
After the security upgrade of DSA-2480 our request tracker stopped working. The browser shows "Invalid escape flag: j" for any URL. To reproduce this bug I installed a fresh Debian host with 64bit squeeze (using VirtualBox) and then the packages: apache2 2.2.16-6+squeeze7 mysql-server 5.1.61-0+squeeze1 request-tracker3.8 3.8.8-7+squeeze1 I made sure I got a proper RT login page before doing the security upgrade and I did. I then upgraded request-tracker3.8 to 3.8.8-7+squeeze2. After that the RT login page only shows: Invalid escape flag: j Incidentially, while preparing this bug report with reportbug I got the following error message: The package bug script /usr/share/bug/request-tracker3.8/script exited with an error status (return code = 256). Do you still want to file a report? [y|N|q|?]? y Regards, -- Elmar -- Package-specific info: Changed files: -- System Information: Debian Release: 6.0.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF8) Shell: /bin/sh linked to /bin/dash Versions of packages request-tracker3.8 depends on: ii dbconfig-common 1.8.46+squeeze.0 common framework for packaging dat ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii exim4 4.72-6+squeeze2 metapackage to ease Exim MTA (v4) ii exim4-daemon-light [ma 4.72-6+squeeze2 lightweight Exim MTA (v4) daemon ii libapache-session-perl 1.87-1 Perl modules for keeping persisten ii libcache-simple-timede 0.27-2 Perl module to cache and expire ke ii libcalendar-simple-per 1.21-1 module for producing simple calend ii libcgi-fast-perl 5.10.1-17squeeze3 CGI::Fast Perl module ii libcgi-pm-perl 3.49-1squeeze1 module for Common Gateway Interfac ii libclass-returnvalue-p 0.55-1 A return-value object that lets yo ii libcss-squish-perl 0.09-1 module to compact many CSS files i ii libdata-ical-perl 0.16+dfsg-1 Perl module for manipulating iCale ii libdbi-perl 1.612-1 Perl Database Interface (DBI) ii libdbix-searchbuilder- 1.56-1 Perl implementation of a simple OR ii libdevel-stacktrace-pe 1.2100-1 Perl module containing stack trace ii libemail-address-perl 1.889-2 RFC 2822 Address Parsing and Creat ii libfcgi-procmanager-pe 0.18-2 Functions for managing FastCGI app ii libfile-sharedir-perl 1.00-0.1 Locate per-dist and per-module sha ii libgd-graph-perl 1.44-3 Graph Plotting Module for Perl 5 ii libgd-text-perl 0.86-5 Text utilities for use with GD ii libgnupg-interface-per 0.42-3 Perl interface to GnuPG ii libgraphviz-perl 2.04-1 Perl interface to the GraphViz gra ii libhtml-mason-perl 1:1.44-1 HTML::Mason Perl module ii libhtml-parser-perl 3.66-1 collection of modules that parse H ii libhtml-rewriteattribu 0.03-1 concise attribute rewriting ii libhtml-scrubber-perl 0.08-4 Perl extension for scrubbing/sanit ii libipc-run-safehandles 0.02-1 Use IPC::Run and IPC::Run3 safely ii libjs-prototype 1.6.1-1 JavaScript Framework for dynamic w ii libjs-scriptaculous 1.8.3-1 JavaScript library for dynamic web ii liblocale-maketext-fuz 0.10-1 Maketext from already interpolated ii liblocale-maketext-lex 0.82-1 lexicon-handling backends for Loca ii liblog-dispatch-perl 2.22-1 Dispatches messages to multiple Lo ii libmailtools-perl 2.06-1 Manipulate email in perl programs ii libmime-tools-perl [li 5.428-1 Perl5 modules for MIME-compliant m ii libmime-types-perl 1.30-1 Perl extension for determining MIM ii libmodule-versions-rep 1.06-1 Report versions of all modules in ii libperlio-eol-perl 0.14-1+b1 PerlIO layer for normalizing line ii libregexp-common-perl 2010010201-1 module with common regular express ii libtext-autoformat-per 1.669002-1 module for automatic text wrapping ii libtext-quoted-perl 2.06-1 Perl module to extract the structu ii libtext-template-perl 1.45-1 Text::Template perl module ii libtext-wikiformat-per 0.78-1 translates Wiki formatted text int ii libtext-wrapper-perl 1.02-1 Simple word wrapping routine ii libtime-modules-perl 2006.0814-2 Various Perl modules for time/date ii libtimedate-perl 1.2000-1 collection of modules to manipulat ii libtree-simple-perl 1.18-1 A simple tree object ii libuniversal-require-p 0.13-1 Load modules from a variable ii libxml-rss-perl 1.48-1 Perl module for managing RSS (RDF ii libxml-simple-perl 2.18-3 Perl module for reading and writin ii perl [libdigest-sha-pe 5.10.1-17squeeze3 Larry Wall's Practical Extraction ii perl-modules [libcgi-p 5.10.1-17squeeze3 Core Perl modules ii rsyslog [system-log-da 4.6.4-2 enhanced multi-threaded syslogd ii rt3.8-apache2 3.8.8-7+squeeze2 Apache 2 specific files for reques ii rt3.8-clients 3.8.8-7+squeeze2 mail gateway and command-line inte ii rt3.8-db-sqlite 3.8.8-7+squeeze2 SQLite database backend for reques ii ucf 3.0025+nmu1 Update Configuration File: preserv Versions of packages request-tracker3.8 recommends: ii cron [cron-daemon] 3.0pl1-116 process scheduling daemon ii libdatetime-locale-perl 1:0.45-1 Perl extension providing localizat ii libdatetime-perl 2:0.6100-2 module for manipulating dates, tim ii speedy-cgi-perl 2.22-13 speed up perl scripts by making th Versions of packages request-tracker3.8 suggests: pn rt3.8-rtfm <none> (no description available) -- debconf information: * request-tracker3.8/organization: vagrant-debian-squeeze64.vagrantup.com request-tracker3.8/pgsql/no-empty-passwords: request-tracker3.8/pgsql/authmethod-user: password * request-tracker3.8/handle-siteconfig-permissions: true request-tracker3.8/install-error: abort * request-tracker3.8/correspondaddress: [email protected] request-tracker3.8/dbconfig-remove: request-tracker3.8/mysql/method: unix socket request-tracker3.8/install-cronjobs: request-tracker3.8/upgrade-error: abort request-tracker3.8/mysql/admin-user: root request-tracker3.8/remote/port: request-tracker3.8/dbconfig-reinstall: false request-tracker3.8/db/dbname: rtdb request-tracker3.8/pgsql/changeconf: false request-tracker3.8/dbconfig-upgrade: true request-tracker3.8/missing-db-package-error: abort request-tracker3.8/pgsql/method: unix socket * request-tracker3.8/dbconfig-install: true request-tracker3.8/purge: false request-tracker3.8/pgsql/authmethod-admin: ident request-tracker3.8/pgsql/manualconf: * request-tracker3.8/webpath: /rt request-tracker3.8/remove-error: abort request-tracker3.8/upgrade-backup: true request-tracker3.8/warn-sqlite-file: request-tracker3.8/db/basepath: /var/lib/dbconfig-common/sqlite3/request-tracker3.8 request-tracker3.8/internal/skip-preseed: false request-tracker3.8/remote/newhost: request-tracker3.8/pgsql/admin-user: postgres request-tracker3.8/db/app-user: rtuser * request-tracker3.8/webbaseurl: http://vagrant-debian-squeeze64.vagrantup.com request-tracker3.8/remote/host: * request-tracker3.8/rtname: dumbledore.ethz.ch request-tracker3.8/internal/reconfiguring: false * request-tracker3.8/commentaddress: [email protected] request-tracker3.8/passwords-do-not-match: * request-tracker3.8/database-type: sqlite3 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
