-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 14 Apr 2011 09:03:25 +0100 Source: request-tracker3.6 Binary: request-tracker3.6 rt3.6-clients rt3.6-apache2 rt3.6-db-postgresql rt3.6-db-mysql rt3.6-db-sqlite Architecture: source all Version: 3.6.7-5+lenny6 Distribution: oldstable-security Urgency: high Maintainer: Debian Request Tracker Group Changed-By: Dominic Hargreaves Description: request-tracker3.6 - Extensible trouble-ticket tracking system rt3.6-apache2 - Apache 2 specific files for request-tracker3.6 rt3.6-clients - Mail gateway and command-line interface to request-tracker3.6 rt3.6-db-mysql - MySQL database backend for request-tracker3.6 rt3.6-db-postgresql - PostgreSQL database backend for request-tracker3.6 rt3.6-db-sqlite - SQLite database backend for request-tracker3.6 Changes: request-tracker3.6 (3.6.7-5+lenny6) oldstable-security; urgency=high . * Security fix: fix information leakage in scrips (CVE-2011-1008) * Multiple security fixes for: - Information disclosure via SQL injection (CVE-2011-1686) - Information disclosure via search interface (CVE-2011-1687) - Information disclosure via directory traversal (CVE-2011-1688) - User javascript execution via XSS vulnerability (CVE-2011-1689) - Authentication credentials theft (CVE-2011-1690) - XSS relating to login credentials Checksums-Sha1: 8a7dbcea34e61d62a38da5b969c88e84d4b4f685 1623 request-tracker3.6_3.6.7-5+lenny6.dsc ad3bc4a0ddb85a30f6e49d594707ee245122b9d0 59668 request-tracker3.6_3.6.7-5+lenny6.diff.gz 12ad165f24b181b6bac12e439d38dbb5403c2e97 1543902 request-tracker3.6_3.6.7-5+lenny6_all.deb ad267a8c019cdb765aeade907c4ae339d3132257 216172 rt3.6-clients_3.6.7-5+lenny6_all.deb e642211280c98e037029b3279a1aaab89bdefa1a 187694 rt3.6-apache2_3.6.7-5+lenny6_all.deb 051f7931b213e56c5cbf425437120d59c1be3262 186012 rt3.6-db-postgresql_3.6.7-5+lenny6_all.deb ad752590647c8421dc7bc56ba5ebf291e65fb31c 186012 rt3.6-db-mysql_3.6.7-5+lenny6_all.deb a9716327648ba85e325cda735dabcd5d1ef86dfd 186110 rt3.6-db-sqlite_3.6.7-5+lenny6_all.deb Checksums-Sha256: d0c8163feceac0f3b84de35f6733a0fda3ba980bf851043908dc13c8949dc59d 1623 request-tracker3.6_3.6.7-5+lenny6.dsc 1be711f426d6fc44d5a1b5942834b1d10b1e6f8d1732e08c2755e804edf875e6 59668 request-tracker3.6_3.6.7-5+lenny6.diff.gz d7a91ecc2dc829b74ceb295c627f22a587d7ca2d56f34169d585158608712bbd 1543902 request-tracker3.6_3.6.7-5+lenny6_all.deb 9db7ef2d98f4b181017373b7dd616e47718ca60aa61c75708a3ddc794d825c39 216172 rt3.6-clients_3.6.7-5+lenny6_all.deb b2af23d2042f9dec5e0c4de76c0a8336bbb65fab4823be16a2d1bc80f941467f 187694 rt3.6-apache2_3.6.7-5+lenny6_all.deb a110e2281b57ba7a88de9713beeef7e608a90dff906df41d42f673e00d495700 186012 rt3.6-db-postgresql_3.6.7-5+lenny6_all.deb 5d8e2d801527149397acd812c0b9b24a8e897b2777893da89275906ce683c186 186012 rt3.6-db-mysql_3.6.7-5+lenny6_all.deb f1f2e9378a34d4b59f672b63e342cab40e5a573e3da0435c1d347d6e6f3cebbe 186110 rt3.6-db-sqlite_3.6.7-5+lenny6_all.deb Files: 1e45ad8422ce65d0645a7375d03d0a09 1623 misc optional request-tracker3.6_3.6.7-5+lenny6.dsc b764f3832a240bc8c9c6d27eda6b7a16 59668 misc optional request-tracker3.6_3.6.7-5+lenny6.diff.gz 94b2028e958214434356bfd15fed98af 1543902 misc optional request-tracker3.6_3.6.7-5+lenny6_all.deb 2a52f6d7d9abff14d03e893717d357f9 216172 misc optional rt3.6-clients_3.6.7-5+lenny6_all.deb 8effa30cccf0f95c25932cb6a5b0f588 187694 misc optional rt3.6-apache2_3.6.7-5+lenny6_all.deb 2c8f87b5a3884c13f62a7bf57009404a 186012 misc optional rt3.6-db-postgresql_3.6.7-5+lenny6_all.deb b0f5dab9da8c822514c8461e5ff81f7e 186012 misc optional rt3.6-db-mysql_3.6.7-5+lenny6_all.deb 0c631fe6389a0aa6b6e8dfdb8485a292 186110 misc optional rt3.6-db-sqlite_3.6.7-5+lenny6_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNpq+MYzuFKFF44qURAmSDAJ0QVsBMNY052IbgNZxcKTkxV21kiACgyUbE piDjWqJiLltdFM5DhprEUrM= =9oso -----END PGP SIGNATURE-----