lp:ubuntu/hardy-proposed/request-tracker3.6

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-proposed/request-tracker3.6

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

8. By Dominic Hargreaves

* SECURITY UPDATE: support salted passwords in database and upgrade
  unsalted passwords (CVE-2011-0009)
  - LP: #750339
* Security fix: only allow SuperUsers to edit global RT at a Glance
* Security fix: escape custom field values before display to prevent
  XSS attack
* Security fix for session fixation vulnerability (CVE-2009-3585,
  CVE-2009-4151)
* Security fix: fix information leakage in scrips (CVE-2011-1008)
* Multiple security fixes for:
   - Information disclosure via SQL injection (CVE-2011-1686)
   - Information disclosure via search interface (CVE-2011-1687)
   - Information disclosure via directory traversal (CVE-2011-1688)
   - User javascript execution via XSS vulnerability (CVE-2011-1689)
   - Authentication credentials theft (CVE-2011-1690)
   - XSS relating to login credentials

7. By Niko Tyni

New upstream release.

6. By Niko Tyni

* New upstream release. (Closes: #404913)
  + fixes display of queue names containing ampersands. (Closes: #416702)
  + fixes RFC 2047 header decoding. (Closes: #429560)
  + removes several unused dependencies
  + adds dependencies on libtimedate-perl
    and libterm-readline-(perl|gnu)-perl
* Remove support for Apache 1, recently removed from Debian.
  (Closes: #429073)
* debian/patches/*.dpatch:
  + 06_devel_deps: removed, no longer needed.
  + 20_search_by_requestor: removed, now included upstream.
  + 40_encoding: fix double UTF-8 encoding in the web interface.
    (Closes: #416474)
* Update SpeedyCGI alternative dependencies. (Closes: #417545)
* Add an alternative FastCGI dependency on libapache2-mod-fcgid
  to rt3.6-apache2, and include an example Apache2 configuration file.
* Downgrade libtext-quoted-perl dependency to a recommendation. It's
  now an optional runtime dependency, since it can cause Perl segfaults
  (see #400733). This is also mentioned in NOTES.Debian.
* Elaborate the comments in all the Apache example configuration files.
* Add a note about RT_SiteConfig being only readable by root after
  installation.
* Use the source:Version substitution variables instead of the deprecated
  Source-Version.
* Upgrade to debhelper compatibility level 5.

5. By Luca Falavigna

* Remove rt3.4-apache since apache 1.3.x is no longer present in the
  archives (LP: #124501)
* Update Maintainer field in debian/control

4. By Niko Tyni

* fix the last reference to INSTALL.Debian. (Closes: #406074)
* add an alternative dependency on libcgi-fast-perl to rt3.6-apache2.
  (Closes: #408389)
* add a note about a common MySQL misconfiguration causing repeated
  logins. (Closes: #408405)
* point to rt3.6-clients instead of rt3-clients for mail configuration.
  (Closes: #411856)

3. By Niko Tyni

* Fix searching by requestor email address. Patch taken from upstream
  SVN r5782. (Closes: #400655)
* Add a note in rt3.6-clients README.Debian about debugging deferred
  deliveries. (See #397783)

2. By Niko Tyni

[ Niko Tyni ]
* Update debian/copyright.
* Rename INSTALL.Debian to NOTES.Debian to avoid the lintian warning.
* Add lintian override for permissions of RT_SiteConfig.pm, which has
  a password inside. (See #307633)

[ Toni Mueller ]
* completed Lintian override file

1. By Niko Tyni

Import upstream version 3.6.1

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/oneiric/request-tracker3.6