• Bug#1104424: request-tracker4: CVE-2025-2545 CVE-2025-30087

    From Salvatore Bonaccorso@21:1/5 to All on Tue Apr 29 22:50:01 2025
    Source: request-tracker4
    Version: 4.4.7+dfsg-4
    Severity: grave
    Tags: security upstream
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

    Hi,

    The following vulnerabilities were published for request-tracker4.

    Making them RC severity as they should be fixed for the trixie release
    before release.

    CVE-2025-2545[0]:
    | uses the default OpenSSL cipher, 3DES (des3), for encrypting SMIME email


    CVE-2025-30087[1]:
    | Cross Site Scripting via injection of malicious parameters in a search URL


    If you fix the vulnerabilities please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-2545
    https://www.cve.org/CVERecord?id=CVE-2025-2545
    [1] https://security-tracker.debian.org/tracker/CVE-2025-30087
    https://www.cve.org/CVERecord?id=CVE-2025-30087

    Please adjust the affected versions in the BTS as needed.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Salvatore Bonaccorso@21:1/5 to Salvatore Bonaccorso on Tue Apr 29 23:00:01 2025
    On Tue, Apr 29, 2025 at 10:41:37PM +0200, Salvatore Bonaccorso wrote:
    > Source: request-tracker4
    > Version: 4.4.7+dfsg-4
    > Severity: grave
    > Tags: security upstream
    > X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
    >
    > Hi,
    >
    > The following vulnerabilities were published for request-tracker4.
    >
    > Making them RC severity as they should be fixed for the trixie release
    > before release.

    Ignore this part, as request-tracker4 is not in trixie anyway. But
    have the severity in sync with #1104422.

    Regards,
    Salvatore

  • From Salvatore Bonaccorso@21:1/5 to All on Thu May 8 21:00:01 2025
    close 1104424 4.4.6+dfsg-1.1+deb12u2
    thanks

  • From Salvatore Bonaccorso@21:1/5 to All on Thu May 8 22:00:01 2025
    close 1068452 4.4.4+dfsg-2+deb11u4
    close 1104424 4.4.4+dfsg-2+deb11u4
    thanks
