Package "request-tracker4"

Name: request-tracker4


extensible trouble-ticket tracking system

Latest version: 4.4.4+dfsg-2ubuntu1.22.04.1
Release: jammy (22.04)
Level: security
Repository: universe
Homepage: https://bestpractical.com/rt/


Download "request-tracker4"

Other versions of "request-tracker4" in Jammy

Repository Area Version
base universe 4.4.4+dfsg-2ubuntu1
updates universe 4.4.4+dfsg-2ubuntu1.22.04.1

Packages in group

Deleted packages are displayed in grey.


Version: 4.4.4+dfsg-2ubuntu1.22.04.1 2023-12-04 20:06:58 UTC

  request-tracker4 (4.4.4+dfsg-2ubuntu1.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Cross-Site Scripting
    - debian/patches/upstream_4.4.4_cve:_patchset_2022-06-29.diff: fixed an XSS
      in request-tracker (CVE-2022-25802)
    - CVE-2022-25802
  * SECURITY UPDATE: Information Leakage and Unvalidated Headers
    - debian/patches/upstream_4.4-trunk_cve:_avoid_time_side_channel_attack.diff:
      fixed an issue that was resulting in leaking sensitive information
    - debian/patches/upstream_4.4.3_cve:_patchset_2023-09-26.diff: fixed an
      issue with unvalidated email headers (CVE-2023-41259) and an information
      leakage (CVE-2023-41260) in request-tracker
    - debian/patches/upstream_4.4.3_cve:_patchset_2023-09-26-tests.diff: adding
      tests for patches for CVE-2023-41259 and CVE-2023-41260
    - debian/patches/fix_expired_certs.diff: fixes related tests
    - CVE-2021-38562
    - CVE-2023-41259
    - CVE-2023-41260

 -- Amir Naseredini <email address hidden> Thu, 30 Nov 2023 13:28:12 +0000

CVE-2022-25802 Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.
CVE-2021-38562 Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing at
CVE-2023-41259 Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email
CVE-2023-41260 Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.

About   -   Send Feedback to @ubuntu_updates