-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6031-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 22, 2025 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : request-tracker5 CVE ID : CVE-2025-9158 CVE-2025-61873 Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system, which could result in CSV injection via ticket values with special characters, or cross-site scripting via calendar invitations added to a ticket. For the oldstable distribution (bookworm), these problems have been fixed in version 5.0.3+dfsg-3~deb12u4. The oldstable distribution (bookworm) is only affected by CVE-2025-61873. For the stable distribution (trixie), these problems have been fixed in version 5.0.7+dfsg-4+deb13u1. We recommend that you upgrade your request-tracker5 packages. For the detailed security status of request-tracker5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/request-tracker5 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmj5QdxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Ssow//aQKLanjazSu5Wd6bXnIDBhFDJyKro0ZB5ZHrl6VRRpQH1k10a0Mtu3js OTq8gYwbiTJJ9pV+YnzGtmDvVc22VhzuhZ+C10l96bjzjC1FCUHY4o8s7PbEFRjh 0Ntw6IMlESdZwLND33B0W9dWGuh4tgRvlVCw+bbXEgdEegvmc1Fj1QNrDoDaFAQ6 c3ZN0UDvCyNiIP3Ad+yLzlVpHiq29Cw150fadPjBU10YwkQLmr+zy9ygtfQXa7Mo Mg5DK9rkb2nx7hwRTXofLyYDccR7Ox/xZrnDx6yh4mUZPoeaLFePgiS0thGMWL0Z ti6XNtpnUVVg0xOerGawdp84lWHzLbbsbh/mCxW+TN1onpG9w9PthLVl/4oEYrDU c6IIAZxVZTX+4CFUwIaGmbtBKL6td1COVkUmEAauTAgwnB8XI4znF/xhIHn9IiDg /v2gTa0CV+K2BgFHSDzXu9xWiRNua6PRlZIk0SgQFIocqrqDvfthZOOPeFl3fkSZ exrEnON0crC6JMm4tKbYnirw5LRnt2GRaqZFrtAdN8xFtt/sCb8MJYj1Ai1W9ls8 NONf+dL/VZCUVO+uD+/YgsOvyz940ilM1MQ2k81aSTqve+i4zlL11eDGbaL09L+F OJswdsXV2iltKy4aavT+xf7DJketa1lpXqJMhWZVxtM1d/t7nts= =OM1p -----END PGP SIGNATURE-----
