On Thu, Dec 03, 2009 at 10:04:51PM +1100, Steffen Joeris wrote: > For the stable distribution (lenny), this problem has been fixed in > version 3.6.7-5+lenny3. > > For the oldstable distribution (etch), this problem has been fixed in > version 3.6.1-4+etch1 of request-tracker3.6 and version 3.4.5-2+etch1 > of request-tracker3.4. > > For the testing distribution (squeeze), this problem will be fixed soon. > > For the unstable distribution (sid), this problem has been fixed in > version 3.6.9-2.
Thanks for your work preparing the advisory and doing the release, Steffen. One small correction in the above: testing does not contain a vulnerable version of RT; RT 3.6 has been kept out of testing as it is basically EOLed (and will be removed from unstable too once the new rtfm package has matured a bit), and RT 3.8.6 which fixes this is already in testing. Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org