[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-12-17 Thread Marc Deslauriers
** Changed in: request-tracker3.8 (Ubuntu Natty) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1004834 Title: Multiple security vulnerabilities in

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-11-27 Thread Launchpad Bug Tracker
This bug was fixed in the package request-tracker3.8 - 3.8.7-1ubuntu2.3 --- request-tracker3.8 (3.8.7-1ubuntu2.3) lucid-security; urgency=low [ Dominic Hargreaves ] * Multiple security fixes for: - XSS vulnerabilities (CVE-2011-2083) - information disclosure

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-11-27 Thread Launchpad Bug Tracker
This bug was fixed in the package request-tracker3.8 - 3.8.11-1ubuntu0.1 --- request-tracker3.8 (3.8.11-1ubuntu0.1) precise-security; urgency=low [ Dominic Hargreaves ] * Multiple security fixes for: - XSS vulnerabilities (CVE-2011-2083) - information disclosure

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-11-27 Thread Launchpad Bug Tracker
This bug was fixed in the package request-tracker3.8 - 3.8.10-1ubuntu0.1 --- request-tracker3.8 (3.8.10-1ubuntu0.1) oneiric-security; urgency=low * SECURITY UPDATE: Multiple security fixes (LP: #1004834): - Email header injection attack (CVE-2012-4730) - CSRF protection

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-11-14 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/lucid-proposed/request-tracker3.8 ** Branch linked: lp:~ubuntu-branches/ubuntu/oneiric/request-tracker3.8/oneiric-proposed ** Branch linked: lp:~ubuntu-branches/ubuntu/precise/request-tracker3.8/precise-proposed

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-11-13 Thread Marc Deslauriers
I have prepared some untested updates in the security team proposed PPA here: https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages If someone could give them a whirl, I'll get them pocket-copied into -proposed for wider testing.

Re: [Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-11-13 Thread Dominic Hargreaves
On Tue, Nov 13, 2012 at 03:01:33PM -, Marc Deslauriers wrote: I have prepared some untested updates in the security team proposed PPA here: https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+packages If someone could give them a whirl, I'll get them pocket-copied into

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-11-13 Thread Marc Deslauriers
Great, thanks Dominic, and thanks for all your work on these updates!

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-10-30 Thread Jamie Strandboge
Thanks for your response, I probably wouldn't have rejected on those points alone but I found it difficult to verify the fixes and had other questions anyway. We are subscribed to security bugs in Ubuntu, however due to a change in Launchpad we didn't see them in reports (those reports have since

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-10-29 Thread Dominic Hargreaves
Hello Jamie, I don't see any reference to DEP3 in your wiki page and even if it were there it doesn't seem like a good reason to reject changes (after all in Debian DEP3 is not a requirement, nor is it (AFAICR) mentioned in Policy at all yet). As for the source of the commits, the updates are

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-10-29 Thread Dominic Hargreaves
Typically, I see the DEP3 stuff jump out of the wiki page immediately after submitting the previous comment, so scratch that part of the comment.

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-10-27 Thread Marc Deslauriers
** Changed in: request-tracker3.8 (Ubuntu Lucid) Assignee: Dominic Hargreaves (dom) => Marc Deslauriers (mdeslaur) ** Changed in: request-tracker3.8 (Ubuntu Natty) Assignee: Dominic Hargreaves (dom) => Marc Deslauriers (mdeslaur) ** Changed in: request-tracker3.8 (Ubuntu Oneiric)

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-10-15 Thread Jamie Strandboge
Sorry for the delayed response. ubuntu-security-sponsors was not subscribed as per https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures#Preparing_an_update so this didn't show up on the appropriate lists. ** Also affects: request-tracker3.8 (Ubuntu Lucid) Importance: Undecided Status:

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-10-15 Thread Jamie Strandboge
request-tracker3.8 does not exist in 12.10.

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-10-15 Thread Jamie Strandboge
Thank you for submitting debdiffs for this issue. It looks like Debian had to add several regression fixes for request-tracker3.8. In particular: request-tracker3.8 (3.8.8-7+squeeze5) stable-security; urgency=low * Apply upstream patch fixing regression in rt-email-dashboards, and

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-09-19 Thread Thomas Sibley
Any word on when these security fixes might make it into lucid? ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2082 ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2083 ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2084 **

Re: [Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-06-10 Thread Dominic Hargreaves
Patches ready for testing attached. See also svn://svn.debian.org/svn/pkg-request-tracker/packages/request-tracker3.8/branches/lucid svn://svn.debian.org/svn/pkg-request-tracker/packages/request-tracker3.8/branches/natty [oneiric is the same as natty, so only version numbers to be updated there]

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-06-01 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: request-tracker3.8 (Ubuntu) Status: New => Confirmed

[Bug 1004834] Re: Multiple security vulnerabilities in request-tracker3.8

2012-06-01 Thread Gregg Berkholtz (TOCICI)
** Description changed: - Upstream reported multiple vulnerabilities in request-tracker3.8. - Patches are described in: + Upstream reported multiple remotely exploitable vulnerabilities in + request-tracker3.8. Patches are described in: