Ubuntu
request-tracker3.8 package

Branches for Oneiric

Name Status Last Modified Last Commit
lp:ubuntu/oneiric/request-tracker3.8 2 Mature 2011-04-28 15:01:41 UTC
16. * New upstream release; includes mult...

Author: Dominic Hargreaves
Revision Date: 2011-04-14 18:37:55 UTC

* New upstream release; includes multiple security fixes
  (Closes: #622774):
  - Remote code execution in external custom fields (CVE-2011-1685)
  - Information disclosure via SQL injection (CVE-2011-1686)
  - Information disclosure via search interface (CVE-2011-1687)
  - Information disclosure via directory traversal (CVE-2011-1688)
  - User javascript execution via XSS vulnerability (CVE-2011-1689)
  - Authentication credentials theft (CVE-2011-1690)
* Update Standards-Version (no changes)
lp:ubuntu/oneiric-proposed/request-tracker3.8 bug 2 Mature 2012-11-14 14:44:52 UTC
17. * SECURITY UPDATE: Multiple security ...

Author: Marc Deslauriers
Revision Date: 2012-11-09 15:08:36 UTC

* SECURITY UPDATE: Multiple security fixes (LP: #1004834):
  - Email header injection attack (CVE-2012-4730)
  - CSRF protection allows attack on bookmarks (CVE-2012-4732)
  - Confused deputy attack for non-logged-in users (CVE-2012-4734)
  - Multiple message signing/encryption attacks related to GnuPG
    (CVE-2012-4735)
  - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Fix the vulnerable-passwords script to also upgrade password hashes
  for disabled users, and rerun the script in postinst (CVE-2011-2082)
* Include clean-user-txns script to accompany the above fixes, and
  run in postinst
* Provide specific instructions for restarting a mod_perl based
  Apache server
* debian/patches/60_misc_sec_regressions.dpatch: fix regression in
  rt-email-dashboards, and whitelist search results and calendar helper
  from CSRF protection
lp:ubuntu/oneiric-security/request-tracker3.8 2 Mature 2012-11-27 15:14:54 UTC
17. * SECURITY UPDATE: Multiple security ...

Author: Marc Deslauriers
Revision Date: 2012-11-09 15:08:36 UTC

* SECURITY UPDATE: Multiple security fixes (LP: #1004834):
  - Email header injection attack (CVE-2012-4730)
  - CSRF protection allows attack on bookmarks (CVE-2012-4732)
  - Confused deputy attack for non-logged-in users (CVE-2012-4734)
  - Multiple message signing/encryption attacks related to GnuPG
    (CVE-2012-4735)
  - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Fix the vulnerable-passwords script to also upgrade password hashes
  for disabled users, and rerun the script in postinst (CVE-2011-2082)
* Include clean-user-txns script to accompany the above fixes, and
  run in postinst
* Provide specific instructions for restarting a mod_perl based
  Apache server
* debian/patches/60_misc_sec_regressions.dpatch: fix regression in
  rt-email-dashboards, and whitelist search results and calendar helper
  from CSRF protection
lp:ubuntu/oneiric-updates/request-tracker3.8 2 Mature 2012-11-27 16:24:08 UTC
17. * SECURITY UPDATE: Multiple security ...

Author: Marc Deslauriers
Revision Date: 2012-11-09 15:08:36 UTC

* SECURITY UPDATE: Multiple security fixes (LP: #1004834):
  - Email header injection attack (CVE-2012-4730)
  - CSRF protection allows attack on bookmarks (CVE-2012-4732)
  - Confused deputy attack for non-logged-in users (CVE-2012-4734)
  - Multiple message signing/encryption attacks related to GnuPG
    (CVE-2012-4735)
  - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Fix the vulnerable-passwords script to also upgrade password hashes
  for disabled users, and rerun the script in postinst (CVE-2011-2082)
* Include clean-user-txns script to accompany the above fixes, and
  run in postinst
* Provide specific instructions for restarting a mod_perl based
  Apache server
* debian/patches/60_misc_sec_regressions.dpatch: fix regression in
  rt-email-dashboards, and whitelist search results and calendar helper
  from CSRF protection
14 of 4 results FirstPreviousNextLast