-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 10 Jun 2017 23:25:11 +0100
Source: request-tracker4
Binary: request-tracker4 rt4-clients rt4-standalone rt4-fcgi rt4-apache2 rt4-db-postgresql rt4-db-mysql rt4-db-sqlite rt4-doc-html
Architecture: all source
Version: 4.2.8-3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintain...@lists.alioth.debian.org>
Changed-By: Dominic Hargreaves <d...@earth.li>
Closes: 864302
Description:
 request-tracker4 - extensible trouble-ticket tracking system
 rt4-apache2 - Apache 2 specific files for request-tracker4
 rt4-clients - mail gateway and command-line interface to request-tracker4
 rt4-db-mysql - MySQL database backend for request-tracker4
 rt4-db-postgresql - PostgreSQL database backend for request-tracker4
 rt4-db-sqlite - SQLite database backend for request-tracker4
 rt4-doc-html - HTML documentation for request-tracker4
 rt4-fcgi - External FastCGI support for request-tracker4
 rt4-standalone - Standalone web server support for request-tracker4
Changes:
 request-tracker4 (4.2.8-3+deb8u2) jessie-security; urgency=high
 .
   * Fix FTBFS due to base.pm changes (Closes: #864302)
   * Fix multiple security issues:
     - [CVE-2017-5943] CSRF verification token information leak
     - [CVE-2016-6127] XSS in file uploads
     - [CVE-2017-5361] Timing side-channel vulnerability in password
       verification
     - [CVE-2017-5944] Remote code execution in dashboard interface
     - Add check for incorrect RestrictLoginReferrer configuration setting
   * Work around a DoS vulnerability in Email::Address (CVE-2015-7686)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----