[Git][security-tracker-team/security-tracker][master] Reserve DLA-4157-1 for request-tracker4

Thu, 08 May 2025 07:35:20 -0700 


Santiago R.R. pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4e8ffd94 by Santiago Ruano Rincón at 2025-05-08T11:34:37-03:00
Reserve DLA-4157-1 for request-tracker4

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -120383,7 +120383,6 @@ CVE-2024-3298 (Out-Of-Bounds Write and Type Confusion 
vulnerabilities exist in t
 CVE-2024-3262 (Information exposure vulnerability in RT software affecting 
version 4. ...)
        {DSA-5911-1 DSA-5909-1}
        - request-tracker4 4.4.7+dfsg-2 (bug #1068452)
-       [bullseye] - request-tracker4 <no-dsa> (Minor issue)
        [buster] - request-tracker4 <no-dsa> (Minor issue)
        - request-tracker5 5.0.7+dfsg-1 (bug #1068453)
        NOTE: 
https://github.com/bestpractical/rt/commit/ea07e767eaef5b202e8883051616d09806b8b48a


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 May 2025] DLA-4157-1 request-tracker4 - security update
+       {CVE-2024-3262 CVE-2025-2545 CVE-2025-30087}
+       [bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u4
 [08 May 2025] DLA-4156-1 openssh - security update
        {CVE-2025-32728}
        [bullseye] - openssh 1:8.4p1-5+deb11u5


=====================================
data/dla-needed.txt
=====================================
@@ -360,12 +360,6 @@ rails
 redis (Chris Lamb)
   NOTE: 20250425: Added by Front-Desk (rouca)
 --
-request-tracker4 (santiago)
-  NOTE: 20250429: Added by Front-Desk (lamby)
-  NOTE: 20250429: Note that claimee is not an LTS team member. "There are new 
RT updates for which the maintainer is taking care himself of uploading fixes 
for LTS [and] he would prefer if once uploads are done a LTS team member takes 
care of releasing the DLA". (lamby)
-  NOTE: 20250430: This is to resolve CVE-2024-3262, CVE-2025-30087 and 
CVE-2025-2545. (lamby)
-  NOTE: 20250507: Andrew Ruthven just uploaded a DLA, lamby is coordinating 
through a private thread (Beuc/front-desk)
---
 ruby-graphql
   NOTE: 20250422: Added by Front-Desk (rouca)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e8ffd942cccc3631743e9e63600c887f5549db7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4e8ffd942cccc3631743e9e63600c887f5549db7
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to