[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
** Changed in: request-tracker3.6 (Ubuntu Hardy) Status: Fix Committed = Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
** Tags added: bot-stop-nagging -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
It has been another half year, and no activity on the hardy-proposed packages. Given that hardy only has about 9 more months to live, I suppose we should just leave them there, I'd hope affected users have started their migrations to at least lucid by now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Whoops, adding verification-needed tag back for hardy package in -proposed. ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
ACK on the debdiff, looks good. I'm getting it pocket-copied into the -proposed pocket now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
This bug was fixed in the package request-tracker3.8 - 3.8.7-1ubuntu2.2 --- request-tracker3.8 (3.8.7-1ubuntu2.2) lucid-security; urgency=low * Fix error in previous patch application which broke logins. Thanks to Best Practical for the testing and fix. (LP: #750339) -- Dominic Hargreaves d...@earth.li Thu, 24 Nov 2011 14:37:00 + ** Changed in: request-tracker3.8 (Ubuntu Lucid) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Actually, since it was tested except for the simple fix, I've pushed it to -security directly. It should appear in a few hours. Thanks! ** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
** Branch linked: lp:ubuntu/lucid-security/request-tracker3.8 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
I can confirm that the fix looks correct and that it was a mistake in my previous fix. Attached is the fix incorporated as a debdiff against 3.8.7-1ubuntu2.1 ** Patch added: rt3.8-lucid-ubuntu2.2.debdiff https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/750339/+attachment/2607099/+files/rt3.8-lucid-ubuntu2.2.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Best Practical tested the lucid-proposed package and we uncovered an error in the package that causes users to be unable to login. The error is not present in upstream but in the Ubuntu patched version. Once we manually patched the error in the installed code (described by the attached diff), RT functioned normally as expected. I guess the lucid-proposed package needs to get updated and the new package needs to go through another test round, and then it can be pushed to lucid-security? ** Patch added: Example of the problem https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/750339/+attachment/2598906/+files/error.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Martin— RT 3.6 has since been EOLd by us: http://blog.bestpractical.com/2011/06/end-of-life-for-rt-36.html We'll try to get the lucid-proposed package tested soon. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Is anyone still interested in the hardy update? It's been sitting in -proposed for half a year. We'll remove the -proposed version soon. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Please release the fix! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Mark, have you tested the packages as requested in comment #18? If so, on what release? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Can someone affected by this bug test the package in -proposed on hardy and lucid and comment here? ** Changed in: request-tracker3.6 (Ubuntu Hardy) Status: In Progress = Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Thomas, Someone just needs to test the package in proposed, then comment here on whether or not is it working and free of regressions. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Are there any updates on getting this package from lucid-proposed to lucid-security? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/request-tracker3.6/+bug/750339/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Maverick was fixed on 2011-05-05. ** Changed in: request-tracker3.8 (Ubuntu Maverick) Status: Fix Committed = Fix Released ** Also affects: request-tracker3.6 (Ubuntu) Importance: Undecided Status: New ** Changed in: request-tracker3.6 (Ubuntu Hardy) Status: New = Triaged ** Changed in: request-tracker3.6 (Ubuntu Lucid) Status: New = Invalid ** Changed in: request-tracker3.6 (Ubuntu Maverick) Status: New = Invalid ** Changed in: request-tracker3.6 (Ubuntu Natty) Status: New = Invalid ** Changed in: request-tracker3.6 (Ubuntu Oneiric) Status: New = Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Overall, Lucid looks good with these exceptions: * the version should be 3.8.7-1ubuntu2.1, not 3.8.7-1ubuntu3 * this bug was not referenced in the changelog * the changelog does not conform to https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging. See https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue for details. I took the liberty of adjust the first 2, and a bit of the 3rd and am uploading to the security queue now. ** Changed in: request-tracker3.8 (Ubuntu Lucid) Status: Confirmed = Fix Committed ** Changed in: request-tracker3.8 (Ubuntu Hardy) Status: Confirmed = Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
** Tags added: security-verification ** Changed in: request-tracker3.8 (Ubuntu Lucid) Status: Fix Committed = In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Overall, Hardy looks good too with these exceptions: * the distribution name should be 'hardy-security' * this bug was not referenced in the changelog * the changelog does not conform to https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging. See https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue for details. Again, I took the liberty of adjust the first 2, and a bit of the 3rd and am uploading to the security queue now. Thanks so much for the debdiffs! :) ** Changed in: request-tracker3.6 (Ubuntu Hardy) Status: Triaged = In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Pocket copied request-tracker3.8 to lucid-proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance! ** Tags added: verification-needed ** Tags removed: security-verification ** Changed in: request-tracker3.8 (Ubuntu Lucid) Status: In Progress = Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Pocket copied request-tracker3.6 to hardy-proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance! To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
** Branch linked: lp:ubuntu/lucid-proposed/request-tracker3.8 ** Branch linked: lp:ubuntu/hardy-proposed/request-tracker3.6 -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Here's my proposed fix for lucid. This fixes the more recent bunch of issues too. It's a straightforward port of my updates for Debian. Not test-built on Ubuntu or tested (I don't have Ubuntu machines to hand). ** Patch added: request-tracker3.8-lucid-security-2011-04-19.debdiff https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/750339/+attachment/2146783/+files/request-tracker3.8-lucid-security-2011-04-19.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
The last patch missed out the installation of the vulnerable-passwords script. Please use this one instead. ** Patch added: request-tracker3.8-lucid-security-2011-05-29.debdiff https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/750339/+attachment/2146802/+files/request-tracker3.8-lucid-security-2011-05-29.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Here's my proposed fix for hardy. This fixes some other old security issues as well as the more recent ones. This probably needs more testing than the other updates. ** Patch added: request-tracker3.6-hardy-security-2011-05-29.debdiff https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/750339/+attachment/2146817/+files/request-tracker3.6-hardy-security-2011-05-29.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
** Also affects: request-tracker3.8 (Ubuntu Hardy) Importance: Undecided Status: New ** Also affects: request-tracker3.8 (Ubuntu Lucid) Importance: Undecided Status: New ** Changed in: request-tracker3.8 (Ubuntu Hardy) Status: New = Confirmed ** Changed in: request-tracker3.8 (Ubuntu Lucid) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Thanks for the debdiff! ACK -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
** Changed in: request-tracker3.8 (Ubuntu Maverick) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Uploaded to maverick-security. I'll push this to the archive once it is finished building. ** Changed in: request-tracker3.8 (Ubuntu Maverick) Status: Confirmed = Fix Committed ** Also affects: request-tracker3.8 (Ubuntu Natty) Importance: Undecided Status: New ** Also affects: request-tracker3.8 (Ubuntu Oneiric) Importance: Medium Status: Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Natty and Oneiric have 3.8.10-1. ** Changed in: request-tracker3.8 (Ubuntu Natty) Status: New = Fix Released ** Changed in: request-tracker3.8 (Ubuntu Oneiric) Status: Won't Fix = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
On Wed, May 04, 2011 at 09:27:54PM -, Jamie Strandboge wrote: Thanks for the debdiff! No problem. I take it you'd be interested in updates for lucid, and hardy (and dapper-backports?) too? Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Yes, very much so, though Dapper is going EOL in a few weeks, so feel free to skip that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Here's my proposed fix for maverick. This fixes the more recent bunch of issues too. It's a straightforward port of my updates for Debian. Not test-built on Ubuntu or tested (I don't have Ubuntu machines to hand). If this is any use, I can look at preparing similar updates for previous versions. ** Patch added: request-tracker3.8-maverick-security-2011-04-19.debdiff https://bugs.launchpad.net/ubuntu/+source/request-tracker3.8/+bug/750339/+attachment/2070508/+files/request-tracker3.8-maverick-security-2011-04-19.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
I'm subscribing ubuntu-security-sponsors, so the debdiff gets processed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Bug 766386 covers Natty. ** Changed in: request-tracker3.8 (Ubuntu) Status: Confirmed = Won't Fix ** Also affects: request-tracker3.8 (Ubuntu Maverick) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 750339] Re: Request security update for CVE-2011-0009 request-tracker3.6 request-tracker3.8
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures ** Visibility changed to: Public ** Tags removed: cve-2011-0009 request-tracker3.6 request-tracker3.8 rt- extension-saltedpasswords-1.1 ** Changed in: request-tracker3.8 (Ubuntu) Status: New = Confirmed ** Changed in: request-tracker3.8 (Ubuntu) Importance: Undecided = Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/750339 Title: Request security update for CVE-2011-0009 request-tracker3.6 request- tracker3.8 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs