** Changed in: request-tracker3.6 (Ubuntu Hardy)
Status: Fix Committed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/750339
Title:
Request security update for
** Tags added: bot-stop-nagging
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/750339
Title:
Request security update for CVE-2011-0009 request-tracker3.6 request-
tracker3.8
To manage
It has been another half year, and no activity on the hardy-proposed
packages. Given that hardy only has about 9 more months to live, I
suppose we should just leave them there, I'd hope affected users have
started their migrations to at least lucid by now.
--
You received this bug notification
Whoops, adding verification-needed tag back for hardy package in
-proposed.
** Tags added: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/750339
Title:
Request security
ACK on the debdiff, looks good. I'm getting it pocket-copied into the
-proposed pocket now.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/750339
Title:
Request security update for
This bug was fixed in the package request-tracker3.8 - 3.8.7-1ubuntu2.2
---
request-tracker3.8 (3.8.7-1ubuntu2.2) lucid-security; urgency=low
* Fix error in previous patch application which broke logins.
Thanks to Best Practical for the testing and fix. (LP: #750339)
--
Actually, since it was tested except for the simple fix, I've pushed it
to -security directly. It should appear in a few hours. Thanks!
** Tags removed: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
** Branch linked: lp:ubuntu/lucid-security/request-tracker3.8
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/750339
Title:
Request security update for CVE-2011-0009 request-tracker3.6
I can confirm that the fix looks correct and that it was a mistake in my
previous fix. Attached is the fix incorporated as a debdiff against
3.8.7-1ubuntu2.1
** Patch added: rt3.8-lucid-ubuntu2.2.debdiff
Best Practical tested the lucid-proposed package and we uncovered an
error in the package that causes users to be unable to login. The error
is not present in upstream but in the Ubuntu patched version.
Once we manually patched the error in the installed code (described by
the attached diff), RT
Martin— RT 3.6 has since been EOLd by us:
http://blog.bestpractical.com/2011/06/end-of-life-for-rt-36.html
We'll try to get the lucid-proposed package tested soon.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
Is anyone still interested in the hardy update? It's been sitting in
-proposed for half a year. We'll remove the -proposed version soon.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/750339
Please release the fix!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/750339
Title:
Request security update for CVE-2011-0009 request-tracker3.6 request-
tracker3.8
To manage
Mark, have you tested the packages as requested in comment #18? If so,
on what release?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/750339
Title:
Request security update for CVE-2011-0009
Can someone affected by this bug test the package in -proposed on hardy
and lucid and comment here?
** Changed in: request-tracker3.6 (Ubuntu Hardy)
Status: In Progress = Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Thomas,
Someone just needs to test the package in proposed, then comment here on
whether or not is it working and free of regressions.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/750339
Are there any updates on getting this package from lucid-proposed to
lucid-security?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/750339
Title:
Request security update for CVE-2011-0009
Maverick was fixed on 2011-05-05.
** Changed in: request-tracker3.8 (Ubuntu Maverick)
Status: Fix Committed = Fix Released
** Also affects: request-tracker3.6 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: request-tracker3.6 (Ubuntu Hardy)
Status: New =
Overall, Lucid looks good with these exceptions:
* the version should be 3.8.7-1ubuntu2.1, not 3.8.7-1ubuntu3
* this bug was not referenced in the changelog
* the changelog does not conform to
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging.
See
** Tags added: security-verification
** Changed in: request-tracker3.8 (Ubuntu Lucid)
Status: Fix Committed = In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/750339
Title:
Request
Overall, Hardy looks good too with these exceptions:
* the distribution name should be 'hardy-security'
* this bug was not referenced in the changelog
* the changelog does not conform to
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging.
See
Pocket copied request-tracker3.8 to lucid-proposed. Please test and give
feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for
documentation on how to enable and use -proposed. Thank you in advance!
** Tags added: verification-needed
** Tags removed: security-verification
**
To ubuntu-sru: if this passes the verification process, please also
pocket copy to security. Thanks!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/750339
Title:
Request security update for
Pocket copied request-tracker3.6 to hardy-proposed. Please test and give
feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for
documentation on how to enable and use -proposed. Thank you in advance!
To ubuntu-sru: if this passes the verification process, please also
pocket copy to
** Branch linked: lp:ubuntu/lucid-proposed/request-tracker3.8
** Branch linked: lp:ubuntu/hardy-proposed/request-tracker3.6
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/750339
Title:
Request
Here's my proposed fix for lucid. This fixes the more recent bunch of
issues too. It's a straightforward port of my updates for Debian. Not
test-built on Ubuntu or tested (I don't have Ubuntu machines to hand).
** Patch added: request-tracker3.8-lucid-security-2011-04-19.debdiff
The last patch missed out the installation of the vulnerable-passwords
script. Please use this one instead.
** Patch added: request-tracker3.8-lucid-security-2011-05-29.debdiff
Here's my proposed fix for hardy. This fixes some other old security
issues as well as the more recent ones. This probably needs more testing
than the other updates.
** Patch added: request-tracker3.6-hardy-security-2011-05-29.debdiff
** Also affects: request-tracker3.8 (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: request-tracker3.8 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Changed in: request-tracker3.8 (Ubuntu Hardy)
Status: New = Confirmed
** Changed in:
Thanks for the debdiff!
ACK
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/750339
Title:
Request security update for CVE-2011-0009 request-tracker3.6 request-
tracker3.8
--
ubuntu-bugs mailing
** Changed in: request-tracker3.8 (Ubuntu Maverick)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/750339
Title:
Request security update for CVE-2011-0009
Uploaded to maverick-security. I'll push this to the archive once it is
finished building.
** Changed in: request-tracker3.8 (Ubuntu Maverick)
Status: Confirmed = Fix Committed
** Also affects: request-tracker3.8 (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects:
Natty and Oneiric have 3.8.10-1.
** Changed in: request-tracker3.8 (Ubuntu Natty)
Status: New = Fix Released
** Changed in: request-tracker3.8 (Ubuntu Oneiric)
Status: Won't Fix = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
On Wed, May 04, 2011 at 09:27:54PM -, Jamie Strandboge wrote:
Thanks for the debdiff!
No problem. I take it you'd be interested in updates for lucid, and
hardy (and dapper-backports?) too?
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li
Yes, very much so, though Dapper is going EOL in a few weeks, so feel
free to skip that.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/750339
Title:
Request security update for CVE-2011-0009
Here's my proposed fix for maverick. This fixes the more recent bunch of
issues too. It's a straightforward port of my updates for Debian. Not
test-built on Ubuntu or tested (I don't have Ubuntu machines to hand).
If this is any use, I can look at preparing similar updates for previous
versions.
I'm subscribing ubuntu-security-sponsors, so the debdiff gets processed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/750339
Title:
Request security update for CVE-2011-0009 request-tracker3.6
Bug 766386 covers Natty.
** Changed in: request-tracker3.8 (Ubuntu)
Status: Confirmed = Won't Fix
** Also affects: request-tracker3.8 (Ubuntu Maverick)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
posting a debdiff for this issue. When a debdiff is available, members
of the security
39 matches
Mail list logo
