1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted request-tracker4 4.4.6+dfsg-1.1+deb12u2 (source) into proposed

    From Debian FTP Masters@21:1/5 to All on Sat May 3 14:20:02 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Thu, 17 Apr 2025 15:48:48 +1200
    Source: request-tracker4
    Architecture: source
    Version: 4.4.6+dfsg-1.1+deb12u2
    Distribution: bookworm-security
    Urgency: medium
    Maintainer: Andrew Ruthven <andrew@etc.gen.nz>
    Changed-By: Andrew Ruthven <andrew@etc.gen.nz>
    Closes: 1068452
    Changes:
    request-tracker4 (4.4.6+dfsg-1.1+deb12u2) bookworm-security; urgency=medium
    .
    * Apply upstream patches which fixes several security vulnerabilities.
    - [CVE-2025-30087] Vulnerable to Cross Site Scripting via injection of
    malicious parameters in a search URL.
    - [CVE-2025-2545] RT uses the default OpenSSL cipher, 3DES (des3), for
    encrypting SMIME email. This is an outdated cipher algorithm, so the
    default is changed to aes-128-cbc. In addition, this is now configurable
    so you can pick an alternate cipher now or in the future, or revert to
    des3 if needed for compatibility
    * [CVE-2024-3262] Cherry-pick upstream fixes (Closes: #1068452). Checksums-Sha1:
    1da1b59a7d65eb8d1092921c6637b38eb04a01bb 5978 request-tracker4_4.4.6+dfsg-1.1+deb12u2.dsc
    1f4fac598e3e3b3e565266070031488658d81fee 153928 request-tracker4_4.4.6+dfsg-1.1+deb12u2.debian.tar.xz
    4c2b35f6d66adc70c16ee41723cc85f61a8486bc 20864 request-tracker4_4.4.6+dfsg-1.1+deb12u2_amd64.buildinfo
    Checksums-Sha256:
    56a6e1c7e8aca242aa5fd356acfe4a6806ea08f512312faf18f69517369c9acd 5978 request-tracker4_4.4.6+dfsg-1.1+deb12u2.dsc
    e9445f8f55633a8107f78fee811194014d90dacb3ace36942556ee4e79e6d864 153928 request-tracker4_4.4.6+dfsg-1.1+deb12u2.debian.tar.xz
    1280df5f6607dcee8834c79b0661764183ef421aeab3c59acc24ff6162e5a304 20864 request-tracker4_4.4.6+dfsg-1.1+deb12u2_amd64.buildinfo
    Files:
    7f823d0e88c2af8cb4922e88cc807478 5978 misc optional request-tracker4_4.4.6+dfsg-1.1+deb12u2.dsc
    e98953788e827da30a81fca18f59f667 153928 misc optional request-tracker4_4.4.6+dfsg-1.1+deb12u2.debian.tar.xz
    11a85b19a5a5db10ad63eca45b445163 20864 misc optional request-tracker4_4.4.6+dfsg-1.1+deb12u2_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEExgP8TmAPHOzRyNl8S1PZMeTT6GMFAmgC7MQACgkQS1PZMeTT 6GMYKBAAmIamfGXohQVJzJwrd3fQvJ44jJ5r9HQgOx6yuM1ao+xc/EqwTJJKD6KG sa4Ap5wGuke/woWpCYzp6JJlids9KAFGhR2lhEkQ+pOhWwl4QX+O5f1rbnsuz9tb 0auvNCbjbNfcBGBMiWxuApg7otgFH6Ja6AKMs2GgGNZuffB3ulRd5934f+ANDNTG i4TPyElYN4xFlA1hsVWYcCUBcwkSBWiwBnmYeJg7l7y6DtY4RlIvfwijAKFQ1jug frGg6TV5y2/MDXx92Mrs+Ino1Sb38GAfFRSTtGpZKRszsrWpR3tUwNZB3npJ+Xor 1E9Cs+j6jGmIpeIGteDGbOfsghOdUnnMLfn3zk80s5phOWKytQp+m0N2vOwBsFma i/bm23o396A+NH7qMN1+Gf63FlPYqaIVix+Oov8Euf5Fz+WTPDxQOmOFvRLxO3/6 cRTjDKnE3gSnOjhsjxjyJTBtbU1wPmpPe2y6KGg9b42JjA1k5vu2NIIiQ4KuiqSX fgeF5ROP+tUE6RHLLnBTG7JQy7IfIl7dX1m+NRrFplqPEJvBmBwJoNx0ZNafJpRF 90Ky7E3CcOPA9SNM9U1+nfGyBaR5OEr4aadqbO5L9p87XeD4sDKeMEYx6vSl7tGi XJ5XDOwAg8eMvqpgT5POTe9hA++c/G+DjMdftT1+RSPjqv8S/LY=
    =R9/u
    -----END PGP SIGNATURE-----


    --==============!45034878191527775=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaBYJzgAKCRCb9qggYcy5 IZGMAQDQMXZch9qUgLoIs9HY89/830v+nM/EFMNkp5OZxZlwZAD/Y5E5G/3N0Qty hamw9hbPuhZH4xMCu55Umjs6pAE3eQs=+6DO
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)