Hello, A security issue in RT has been disclosed at
<http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html> A fix is included in version 3.8.8-7, which is ready to upload to unstable. This also includes some documentation fixes and a fix for one other important bug: * Correct name of file in cron.d to one which will be run by cron (Closes: #607209) * Apply patch from upstream reducing the severity of the RTAddressRegexp warning message to "debug", to avoid the cron jobs generating noise * Remove completely misleading documentation from NOTES.Debian relating to migrating between SQLite and other databases (Closes: #608481) * Correct name of libapache2-mod-fcgid in debian/conf/apache2-fcgid.conf * Security fix: support salted passwords in database and upgrade unsalted passwords (CVE-2011-0009) I hope that it will possible to upload this to unstable now and have it migrate to testing, but I'm not completely sure how this fits with your current policy for testing. Certainly the security issue would qualify as RC, and I believe that the other fixes will also provide important improvements to squeeze and are low-risk. I attach the full interdiff for review. Please could you let me know whether it would be okay to go ahead with this upload to unstable, or whether a targetted upload covering just the security fix will be required, Many thanks, Dominic -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
