1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5909-1] request-tracker5 security update

    From Salvatore Bonaccorso@21:1/5 to All on Wed Apr 30 23:30:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5909-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso
    April 30, 2025 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : request-tracker5
    CVE ID : CVE-2024-3262 CVE-2025-2545 CVE-2025-30087 CVE-2025-31500
    CVE-2025-31501
    Debian Bug : 1068453

    Multiple vulnerabilities have been discovered in Request Tracker, an
    extensible trouble-ticket tracking system, which could result in
    information disclosure, cross-site scripting and use of weak encryption
    for S/MIME emails.

    For the stable distribution (bookworm), these problems have been fixed
    in version 5.0.3+dfsg-3~deb12u3.

    We recommend that you upgrade your request-tracker5 packages.

    For the detailed security status of request-tracker5 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/request-tracker5

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmgSlGdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TZXw/+IjUXUdIi/rKLtqyhyc0LV+Oba5Mfhi/tXSPj569Mgua8e1XA/hDuDcXZ RcRAfD+nu0pMVuPi69XjoAvbtlcl+Q6NixWtxA7UME413upVfkaGWBMzJ7dj8Pen MORhyg5uocbEJT93kzHrnvn87WQrIAI5LTpy0H9Ai6A7oQ5CfrEYl+TzsPWVa1LT FLlyfdzAjz0vIozLK3yEGaeO+ulO6SJBgdlyXh397vm4/g2Xa9fe7UgUNU4CnI0M LuI+3AX8jj1MkGT1hhrDqnU/nqnNERDRxva1m8QUK8qpH125+I+uj7oZlsNKw7tK SzyWhXhBAHhVPn/OnJEdj3xtrQvpRaib6dCwlPaOW0DXRhVvoNwawwyRbJz2aaAs 47hxBbSMliOz1H0IfJP/GGzTE0m6v5yv4UJsQBQ0ujAx6vBso/GYzHhKDS8zNR3g UZTmTZyhvwnOxDQSnGGKtO7rfvRM0PAfq9K9GFuzNndgLx8MRF/S+bgtbl7OruLp x/33F2Mo/MRP3AQbaVaIRlrZe+iXcuP+6S6W/WxIZndKhSkPRn95olSMgg05qyHS 1U+4zUXCgkxsweT9HSLcORvF6BwBKnz7HhNuwq7G6xG5ClaM2xUxIHTJelbaC7Qb +UwnkQzE5fnYp6fFmblJs/zhGp9f6YglLwkGehVocIljPndW17s=
    =many
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)