Package "rt3.8-clients"
WARNING: the "rt3.8-clients" package was deleted from this repository
Name: rt3.8-clients
Description: mail gateway and command-line interface to request-tracker3.8
Latest version: *DELETED*
Release: precise (12.04)
Level: proposed
Repository: universe
Head package: request-tracker3.8
Changelog
request-tracker3.8 (3.8.11-1ubuntu0.1) precise-security; urgency=low

  [ Dominic Hargreaves ]
  * Multiple security fixes for:
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash
      exposure and correspondence disclosure to privileged users
      (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure,
      privilege escalation, and arbitrary code execution. Original
      behaviour may be restored by setting $RestrictReferrer to 0 for
      installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP
      functionality (CVE-2011-4458)
  * Fix the vulnerable-passwords script to also upgrade password hashes
    for disabled users, and rerun the script in postinst (CVE-2011-2082)
  * Include clean-user-txns script to accompany the above fixes, and
    run in postinst
  * Provide specific instructions for restarting a mod_perl based
    Apache server

  [ Marc Deslauriers ]
  * debian/patches/60_misc_sec_regressions.dpatch: fix regression in
    rt-email-dashboards, and whitelist search results and calendar helper
    from CSRF protection
  * SECURITY UPDATE: Multiple security fixes (LP: #1004834):
    - Email header injection attack (CVE-2012-4730)
    - CSRF protection allows attack on bookmarks (CVE-2012-4732)
    - Confused deputy attack for non-logged-in users (CVE-2012-4734)
    - Multiple message signing/encryption attacks related to GnuPG
      (CVE-2012-4735)
    - Arbitrary command-line argument injection to GnuPG (CVE-2012-4884)

 -- Marc Deslauriers <email address hidden>  Fri, 09 Nov 2012 15:08:36 -0500

1004834: Multiple security vulnerabilities in request-tracker3.8
CVE-2011-2083: Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to in
CVE-2011-2084: Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ti
CVE-2011-2085: Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to
CVE-2011-4458: Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows
CVE-2011-2082: The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for
CVE-2012-4730: Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject a
CVE-2012-4732: Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before
CVE-2012-4734: Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warn
CVE-2012-4884: Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files