Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3335-1] request-tracker4 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3335-1] request-tracker4 security update


Chronologisch Thread 
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3335-1] request-tracker4 security update
  • Date: Thu, 13 Aug 2015 13:16:34 +0000
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 13 Aug 2015 13:16:51 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <Q5AK1tMEJKI.A.vHD.DjJzVB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3335-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 13, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : request-tracker4
CVE ID : CVE-2015-5475

It was discovered that Request Tracker, an extensible trouble-ticket
tracking system is susceptible to a cross-site scripting attack via the
user an group rights management pages (CVE-2015-5475) and via the
cryptography interface, allowing an attacker with a carefully-crafted
key to inject JavaScript into RT's user interface. Installations which
use neither GnuPG nor S/MIME are unaffected by the second cross-site
scripting vulnerability.

For the oldstable distribution (wheezy), these problems have been fixed
in version 4.0.7-5+deb7u4. The oldstable distribution (wheezy) is only
affected by CVE-2015-5475.

For the stable distribution (jessie), these problems have been fixed in
version 4.2.8-3+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 4.2.11-2.

We recommend that you upgrade your request-tracker4 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVzJhOAAoJEAVMuPMTQ89Exc8P/3jiiaHi58Qd7XKfXtrhiZ9F
C151U/8ohyNmh1bPt2VaxJbKI+7/ILYqDzbuYNhrtDg8zgCcBN3O/kjpuJ7lEJo4
569osYurswsZTknZ3JND0BRazmkHUX4T4NFTMOB2DvsV/cpBy7tMvq4ZzHrMoned
If+NfyuU8FEJKpielUixulzNzowXGOEwsPp9RTEitRhzWnh5GjM92e+9fyFa4d94
Iy9yIMZkKhB3uxJWX52dxA8sqVzn6Q4Pz7IWbKrgccrEb3p7VYoJ72ehWI5sNR/J
FhRJhd09tn/kbl+c4BMG4awNZFLlRbGUsK6Dy0OWz5jdiUx4BF/7hyyJ6k3M/ZIT
wktinMGRPXcteOXt5VFPhCBkGSqnEUwejTUwwFpTcimQ9RPyMjvaYrmOiqVpRIMB
JaDhPVF9vXGvf6TwbLDio8TE1tdDvDupsf54jHYnJm6Xg/FuBJSn6Gu7A0FhWEsS
Viq5ROODuMbmyPdU3KVK9wEh3XLFyWr4HUvKFCInIA2fvc8X+i7Ysopfwm2AmgUl
LN0IYHsvoSTuvtAAUYzY9HaGXdJbRGZMNIje4jv66JqNNrWHr1aWgWXLQhjMZzF8
MNaRffl33jZQAA4Y2X1w0vou44PNxZjNhPp9MjnOkLpgy2CgiftO3jh2wv+kFWFu
VEgGCo6aTDpXbU/3nUL0
=Aes9
-----END PGP SIGNATURE-----




  • [IT-SecNots] [SECURITY] [DSA 3335-1] request-tracker4 security update, Salvatore Bonaccorso, 13.08.2015

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang