Package "request-tracker4"
Name: request-tracker4
Description: extensible trouble-ticket tracking system
Latest version: 4.0.4-2ubuntu0.1
Release: precise (12.04)
Level: security
Repository: universe
Homepage: http://bestpractical.com/rt/
Changelog
request-tracker4 (4.0.4-2ubuntu0.1) precise-security; urgency=low

  * Multiple security fixes for:
    - XSS vulnerabilities (CVE-2011-2083)
    - information disclosure vulnerabilities including password hash
      exposure and correspondence disclosure to privileged users
      (CVE-2011-2084)
    - CSRF vulnerabilities allowing information disclosure,
      privilege escalation, and arbitrary code execution. Original
      behaviour may be restored by setting $RestrictReferrer to 0 for
      installations which rely on it (CVE-2011-2085)
    - remote code execution vulnerabilities including in VERP
      functionality (CVE-2011-4458)
  * Add vulnerable-password and clean-user-txns scripts to accompany
    above fixes, and run in postinst

 -- Dominic Hargreaves <email address hidden>  Mon, 04 Jun 2012 14:17:58 +0100

CVE-2011-2083: Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to in
CVE-2011-2084: Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ti
CVE-2011-2085: Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to
CVE-2011-4458: Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows