[request-tracker-maintainers] Bug#622774: Bug#622774: Security Release for Request Tracker
Dominic Hargreaves
dom at earth.li
Thu Apr 14 15:37:23 UTC 2011
On Thu, Apr 14, 2011 at 04:38:33PM +0200, Stefan Hornburg (Racke) wrote:
> package: request-tracker3.8
> tags: security
>
> This release of RT contains important bugfixes. You can download it from:
>
> http://download.bestpractical.com/pub/rt/release/rt-3.8.10.tar.gz
> http://download.bestpractical.com/pub/rt/release/rt-3.8.10.tar.gz.sig
>
> SHA1 sums
>
> 98678a4ce4dbdfb13ceeeb88236d49bd0f5562c7 rt-3.8.10.tar.gz
> 8e228df450d0cdc255e3db725b5bdf302771c75d rt-3.8.10.tar.gz.sig
>
> This release, in addition to being a bugfix release, also resolves a
> number of security vulnerabilities. It resolves CVE-2011-1685,
> CVE-2011-1686, CVE-2011-1687, CVE-2011-1688, CVE-2011-1689, and
> CVE-2011-1690.
I'll upload 3.8.10 to unstable later today.
> This affects also RT 3.6 as in Lenny.
I've submitted patches to the security team for 3.8 in squeeze and
3.6 in lenny already; they're also available at
svn+ssh://svn.debian.org/svn/pkg-request-tracker/packages/request-tracker3.8/branches/squeeze
svn+ssh://svn.debian.org/svn/pkg-request-tracker/packages/request-tracker3.6/branches/lenny
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
More information about the pkg-request-tracker-maintainers
mailing list