Package "rt4-db-mysql"
| Name: |
rt4-db-mysql
|
Description: |
MySQL database backend for request-tracker4
|
| Latest version: |
4.0.4-2ubuntu0.1 |
| Release: |
precise (12.04) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
request-tracker4 |
| Homepage: |
http://bestpractical.com/rt/ |
Links
Download "rt4-db-mysql"
Other versions of "rt4-db-mysql" in Precise
Changelog
|
request-tracker4 (4.0.4-2ubuntu0.1) precise-security; urgency=low
* Multiple security fixes for:
- XSS vulnerabilities (CVE-2011-2083)
- information disclosure vulnerabilities including password hash
exposure and correspondence disclosure to privileged users
(CVE-2011-2084)
- CSRF vulnerabilities allowing information disclosure,
privilege escalation, and arbitrary code execution. Original
behaviour may be restored by setting $RestrictReferrer to 0 for
installations which rely on it (CVE-2011-2085)
- remote code execution vulnerabilities including in VERP
functionality (CVE-2011-4458)
* Add vulnerable-password and clean-user-txns scripts to accompany
above fixes, and run in postinst
-- Dominic Hargreaves <email address hidden> Mon, 04 Jun 2012 14:17:58 +0100
|
| CVE-2011-2083 |
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to in |
| CVE-2011-2084 |
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ti |
| CVE-2011-2085 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to |
| CVE-2011-4458 |
Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows |
|
About
-
Send Feedback to @ubuntu_updates
