Format: 3.0 (quilt)
Source: request-tracker4
Binary: request-tracker4, rt4-clients, rt4-standalone, rt4-fcgi, rt4-apache2, rt4-db-postgresql, rt4-db-mysql, rt4-db-sqlite, rt4-doc-html
Architecture: all
Version: 4.2.8-3+deb8u1
Maintainer: Debian Request Tracker Group <[email protected]>
Uploaders: Niko Tyni <[email protected]>, Dominic Hargreaves <[email protected]>
Homepage: http://bestpractical.com/rt/
Standards-Version: 3.9.6
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-request-tracker/request-tracker4.git
Vcs-Git: git://anonscm.debian.org/pkg-request-tracker/request-tracker4.git
Build-Depends: debhelper (>= 5), po-debconf, libdbd-sqlite3-perl, perl (>= 5.17.10) | libpod-simple-perl (>= 3.24), libhtml-parser-perl, libemail-abstract-perl, libtest-email-perl, libwww-mechanize-perl, libtest-www-mechanize-perl (>= 1.30), libtest-expect-perl (>= 0.31), libxml-simple-perl, libtest-deep-perl, libtest-warn-perl, perl (>= 5.10.1) | libtest-simple-perl (>= 0.90), libtest-mocktime-perl, libtest-www-mechanize-psgi-perl, libplack-middleware-test-stashwarnings-perl (>= 0.08), libtest-longstring-perl, libtest-nowarnings-perl, libhtml-mason-perl (>= 1:1.43), libapache-session-perl (>= 1.53), libregexp-common-perl, libdbi-perl (>= 1.37), libdbix-searchbuilder-perl (>= 1.66), libtext-template-perl (>= 1.44), liblog-dispatch-perl (>= 2.30), liblocale-maketext-fuzzy-perl (>= 0.11), liblocale-maketext-lexicon-perl (>= 0.32), liblocale-po-perl, libmime-tools-perl (>= 5.504), libmime-types-perl, libmailtools-perl (>= 2.12), libtext-wrapper-perl, libtime-modules-perl, libtext-autoformat-perl, libtext-wikiformat-perl, libhtml-scrubber-perl, libmodule-versions-report-perl (>= 1.03), libtree-simple-perl (>= 1.04), libxml-rss-perl (>= 1.05), libgd-graph-perl (>= 1.47), libuniversal-require-perl, libgd-text-perl, libtimedate-perl, libfile-sharedir-perl, libemail-address-perl (>= 1.897), libperlio-eol-perl, libdata-ical-perl, libtext-quoted-perl (>= 2.07), libhtml-rewriteattributes-perl (>= 0.05), libgraphviz-perl, libgnupg-interface-perl, perl (>= 5.12.2) | libencode-perl (>= 2.39), libcgi-pm-perl (>= 3.38), libfcgi-procmanager-perl, libdatetime-perl (>= 0.44), libdatetime-locale-perl (>= 0.40), libhtml-quoted-perl, perl (>= 5.10.1) | libfile-temp-perl (>= 0.19), libtext-password-pronounceable-perl, libdevel-globaldestruction-perl, liblist-moreutils-perl, libnet-cidr-perl, libregexp-common-net-cidr-perl, libregexp-ipv6-perl, libjson-perl, libipc-run3-perl, libcgi-psgi-perl (>= 0.12), libhtml-mason-psgihandler-perl (>= 0.52), libplack-perl (>= 1.0002), libcgi-emulate-psgi-perl, libconvert-color-perl, libclass-accessor-perl (>= 0.34), liburi-perl (>= 1.59), libipc-run-perl (>= 0.90), libterm-readkey-perl, libfcgi-perl, libcrypt-eksblowfish-perl, libdata-guid-perl, libdate-extract-perl, libdate-manip-perl, libdatetime-format-natural-perl, libemail-address-list-perl (>= 0.02), libhtml-formattext-withlinks-perl (>= 0.14), libhtml-formattext-withlinks-andtables-perl, libhttp-message-perl (>= 6.0), libwww-perl, libmodule-refresh-perl (>= 0.03), librole-basic-perl (>= 0.12), libsymbol-global-name-perl (>= 0.04), libfile-which-perl, libcrypt-x509-perl, libstring-shellquote-perl, libmojolicious-perl, libset-tiny-perl, libcrypt-ssleay-perl, libapache-dbi-perl (>= 0.92), liblog-dispatch-perl-perl, libcss-squish-perl, libtest-pod-perl
Build-Depends-Indep: perl (>= 5.8.3)
Package-List:
 request-tracker4 deb misc optional arch=all
 rt4-apache2 deb misc optional arch=all
 rt4-clients deb misc optional arch=all
 rt4-db-mysql deb misc optional arch=all
 rt4-db-postgresql deb misc optional arch=all
 rt4-db-sqlite deb misc optional arch=all
 rt4-doc-html deb doc optional arch=all
 rt4-fcgi deb misc optional arch=all
 rt4-standalone deb misc optional arch=all
Checksums-Sha1:
 e404dabc8ecea5e4ef5976c52e5c241af8922b2b 1316626 request-tracker4_4.2.8.orig-third-party-source.tar.gz
 6842a1e442e6055ecbae0d443a99361072e45591 7612063 request-tracker4_4.2.8.orig.tar.gz
 dd963bb6b879cdb9c6807de270bcd9ea9123d86b 74336 request-tracker4_4.2.8-3+deb8u1.debian.tar.xz
Checksums-Sha256:
 869587a9841be27984bf63f112a18a0d530abbe62894d7cb53d8096950ee4df3 1316626 request-tracker4_4.2.8.orig-third-party-source.tar.gz
 25009913d2d495ff91f21a47a61ebec1a246a2c89422e22700810a7ef51ede4c 7612063 request-tracker4_4.2.8.orig.tar.gz
 05dafbfef920df68decdf60758aab408b0afe4c9f3574415aa2fd089d4f7f006 74336 request-tracker4_4.2.8-3+deb8u1.debian.tar.xz
Files:
 a396df01b2d4567a0bcad8e38def5b71 1316626 request-tracker4_4.2.8.orig-third-party-source.tar.gz
 f8130bd6186082666804afaa498d4fde 7612063 request-tracker4_4.2.8.orig.tar.gz
 ea620b65cd7d23d1e0f408308549c6d3 74336 request-tracker4_4.2.8-3+deb8u1.debian.tar.xz

Changes:

request-tracker4 (4.2.8-3+deb8u1) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add CVE-2015-5475.patch patch.
    CVE-2015-5475: Cross-site scripting attack via the user and group
    rights management pages.
  * Add XSS-cryptography-interface.patch patch.
    Fixes cross-site scripting attack via the cryptography interface.

 -- Salvatore Bonaccorso <[email protected]> Wed, 12 Aug 2015 21:15:45 +0200