
it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5181-1] request-tracker4 security update

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5181-1] request-tracker4 security update
  • Date: Wed, 13 Jul 2022 19:38:05 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1oBiBR-0000cy-8m AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 13 Jul 2022 19:38:28 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <eC1imnIiHUE.A.jX.08xziB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5181-1                   security AT debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 13, 2022                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : request-tracker4
CVE ID : CVE-2022-25802

Multiple vulnerabilities have been discovered in Request Tracker, an
extensible trouble-ticket tracking system.

CVE-2022-25802

It was discovered that Request Tracker is vulnerable to a cross-site
scripting (XSS) attack when displaying attachment content with
fraudulent content types.

Additionally, it was discovered that Request Tracker did not perform full
rights checks on accesses to file or image type custom fields, possibly
allowing access to these custom fields by users without rights to access
the associated objects, resulting in information disclosure.

For the oldstable distribution (buster), these problems have been fixed
in version 4.4.3-2+deb10u2.

For the stable distribution (bullseye), these problems have been fixed in
version 4.4.4+dfsg-2+deb11u2.

We recommend that you upgrade your request-tracker4 packages.

For the detailed security status of request-tracker4 please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/request-tracker4

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


