• [SECURITY] [DSA 5181-1] request-tracker4 security update

    From Salvatore Bonaccorso@21:1/5 to All on Wed Jul 13 21:40:02 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - -------------------------------------------------------------------------
    Debian Security Advisory DSA-5181-1                   security@debian.org
    https://www.debian.org/security/                     Salvatore Bonaccorso
    July 13, 2022                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : request-tracker4
    CVE ID : CVE-2022-25802

    Multiple vulnerabilities have been discovered in Request Tracker, an
    extensible trouble-ticket tracking system.

    CVE-2022-25802

    It was discovered that Request Tracker is vulnerable to a cross-site
    scripting (XSS) attack when displaying attachment content with
    fraudulent content types.

    Additionally, it was discovered that Request Tracker did not perform full
    rights checks on accesses to file or image type custom fields, possibly
    allowing access to these custom fields by users without rights to access
    the associated objects, resulting in information disclosure.

    For the oldstable distribution (buster), these problems have been fixed
    in version 4.4.3-2+deb10u2.

    For the stable distribution (bullseye), these problems have been fixed in
    version 4.4.4+dfsg-2+deb11u2.

    We recommend that you upgrade your request-tracker4 packages.

    For the detailed security status of request-tracker4 please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/request-tracker4

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)