Multiple security vulnerabilities in request-tracker4

Bug #1004835 reported by Dominic Hargreaves
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
request-tracker4 (Ubuntu) | Fix Released | Undecided | Unassigned |
Oneiric | Fix Released | Undecided | Unassigned |
Precise | Fix Released | Undecided | Unassigned |
Quantal | Fix Released | Undecided | Unassigned |

Bug Description

Upstream reported multiple vulnerabilities in request-tracker4. Patches are described in:

http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html

Dominic Hargreaves (dom)
visibility: private → public
description: updated
Tyler Hicks (tyhicks) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Tyler Hicks (tyhicks)
Changed in request-tracker4 (Ubuntu):
status: New → Confirmed
Dominic Hargreaves (dom) wrote : Re: [Bug 1004835]

On Fri, Jun 01, 2012 at 10:19:12PM -0000, Tyler Hicks wrote:
> Thanks for taking the time to report this bug and helping to make Ubuntu
> better. Since the package referred to in this bug is in universe or
> multiverse, it is community maintained. If you are able, I suggest
> posting a debdiff for this issue. When a debdiff is available, members
> of the security team will review it and publish the package. See the
> following link for more information:
> https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Patches ready for testing attached. See also
http://anonscm.debian.org/gitweb/?p=pkg-request-tracker/request-tracker4.git;a=shortlog;h=refs/heads/precise
http://anonscm.debian.org/gitweb/?p=pkg-request-tracker/request-tracker4.git;a=shortlog;h=refs/heads/oneiric

Note that I don't run RT on Ubuntu systems so can't help with testing.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Marc Deslauriers (mdeslaur) wrote :

Thanks! Subscribing ubuntu-security-sponsors.

Marc Deslauriers (mdeslaur) wrote :

Thanks!

I've uploaded them for building in the security PPA.

Changed in request-tracker4 (Ubuntu Oneiric):
status: New → Fix Committed
Changed in request-tracker4 (Ubuntu Precise):
status: New → Fix Committed
Changed in request-tracker4 (Ubuntu Quantal):
status: Confirmed → Fix Released
Changed in request-tracker4 (Ubuntu Precise):
status: Fix Committed → Fix Released
Changed in request-tracker4 (Ubuntu Oneiric):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
