lp:debian/wheezy/request-tracker4

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:debian/wheezy/request-tracker4
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

18. By Dominic Hargreaves

* Correct dbconfig upgrade script versioning
* Add logging fix for previous security fix patchset

17. By Dominic Hargreaves

* Change localstatedir from /var/cache/request-tracker4 to
  /var/lib/request-tracker4 as it contains things which aren't caches
* Update other references to /var/cache/request-tracker4 where
  appropriate
* Move /var/cache/request-tracker4/data/gpg to
  /var/lib/request-tracker4/data/gpg in postinst
* Add NEWS item about moves from /var/cache/request-tracker4
* Closes: #704107

16. By Dominic Hargreaves

Add extra robustness to hostname handling (Closes: 685502)

15. By Dominic Hargreaves

* Multiple security fixes for:
  - Email header injection attack (CVE-2012-4730)
  - Missing rights checking for Articles (CVE-2012-4731)
  - CSRF protection allows attack on bookmarks (CVE-2012-4732)
  - Confused deputy attack for non-logged-in users (CVE-2012-4734)
  - Multiple message signing/encryption attacks related to GnuPG
    (CVE-2012-4735)
  - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)

14. By Dominic Hargreaves

* Remove recommendation of libapache2-mod-fastcgi since this is
  non-free (Closes: #682133)
* Remove cron job during package purge (Closes: #682186)

13. By Dominic Hargreaves

* Fix broken regex character range that results in failed installs;
  thanks to Carl Fürstenber (Closes: #678239)
* Urgency high due to RC bug fix

12. By Dominic Hargreaves

update-rt-siteconfig: Allow inclusion of files with capital letters
and underscores in their name (Closes: #674409)

11. By Dominic Hargreaves

[ Dmitry Smirnov ]
* debian/copyright update
* added missing 'libfcgi-perl' dependency to 'rt4-fcgi'
* debian/rt4-fcgi.init: fixed 'status' function

[ Dominic Hargreaves ]
* Multiple security fixes for:
  - XSS vulnerabilities (CVE-2011-2083)
  - information disclosure vulnerabilities including password hash
    exposure and correspondence disclosure to privileged users
    (CVE-2011-2084)
  - CSRF vulnerabilities allowing information disclosure,
    privilege escalation, and arbitrary code execution. Original
    behaviour may be restored by setting $RestrictReferrer to 0 for
    installations which rely on it (CVE-2011-2085)
  - remote code execution vulnerabilities including in VERP
    functionality (CVE-2011-4458)
* Add vulnerable-password and clean-user-txns scripts to accompany
  above fixes, and run in postinst

10. By Dominic Hargreaves

* Improve rt4-fcgi description to clarify that it's only required
  where an external FCGI process is needed, and that it's not
  nginx specific
* Add Dutch debconf translation (Closes: #661101)
* Create cron job world-readable during new installations
  (Closes: #660867)
* Correctly remove all conffiles during purge (Closes: #668451)
* Remove references to obsolete /etc/apache2/conf.d (see #669774)
* Update Standards-Version (no changes)

9. By Dominic Hargreaves

* New upstream release
* Remove no longer needed libhtml-parser-perl dependency
* Remove patch 67_restore_database_disconnection_state, integrated
  upstream

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:debian/request-tracker4
This branch contains Public information 
Everyone can see this information.
