lp:debian/wheezy/request-tracker4
- Get this branch:
- bzr branch lp:debian/wheezy/request-tracker4
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 18. By Dominic Hargreaves
-
* Correct dbconfig upgrade script versioning
* Add logging fix for previous security fix patchset
- 17. By Dominic Hargreaves
-
* Change localstatedir from /var/cache/request-tracker4 to
  /var/lib/request-tracker4 as it contains things which aren't caches
* Update other references to /var/cache/request-tracker4 where
  appropriate
* Move /var/cache/request-tracker4/data/gpg to
  /var/lib/request-tracker4/data/gpg in postinst
* Add NEWS item about moves from /var/cache/request-tracker4
* Closes: #704107
- 15. By Dominic Hargreaves
-
* Multiple security fixes for:
  - Email header injection attack (CVE-2012-4730)
  - Missing rights checking for Articles (CVE-2012-4731)
  - CSRF protection allows attack on bookmarks (CVE-2012-4732)
  - Confused deputy attack for non-logged-in users (CVE-2012-4734)
  - Multiple message signing/encryption attacks related to GnuPG
    (CVE-2012-4735)
  - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)
- 14. By Dominic Hargreaves
-
* Remove recommendation of libapache2-mod-fastcgi since this is
  non-free (Closes: #682133)
* Remove cron job during package purge (Closes: #682186)
- 13. By Dominic Hargreaves
-
* Fix broken regex character range that results in failed installs;
  thanks to Carl Fürstenber (Closes: #678239)
* Urgency high due to RC bug fix
- 12. By Dominic Hargreaves
-
update-rt-siteconfig: Allow inclusion of files with capital letters
and underscores in their name (Closes: #674409)
- 11. By Dominic Hargreaves
-
[ Dmitry Smirnov ]
* debian/copyright update
* added missing 'libfcgi-perl' dependency to 'rt4-fcgi'
* debian/rt4-fcgi.init: fixed 'status' function
[ Dominic Hargreaves ]
* Multiple security fixes for:
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Add vulnerable-password and clean-user-txns scripts to accompany
  above fixes, and run in postinst
- 10. By Dominic Hargreaves
-
* Improve rt4-fcgi description to clarify that it's only required
  where an external FCGI process is needed, and that it's not
  nginx specific
* Add Dutch debconf translation (Closes: #661101)
* Create cron job world-readable during new installations
  (Closes: #660867)
* Correctly remove all conffiles during purge (Closes: #668451)
* Remove references to obsolete /etc/apache2/conf.d (see #669774)
* Update Standards-Version (no changes)
- 9. By Dominic Hargreaves
-
* New upstream release
* Remove no longer needed libhtml-parser-perl dependency
* Remove patch 67_restore_database_disconnection_state, integrated
  upstream
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/request-tracker4