• Accepted request-tracker4 4.4.4+dfsg-2+deb11u2 (source) into proposed-u

    From Debian FTP Masters@21:1/5 to All on Fri Jul 15 14:20:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Sun, 03 Jul 2022 20:09:25 +1200
    Source: request-tracker4
    Architecture: source
    Version: 4.4.4+dfsg-2+deb11u2
    Distribution: bullseye-security
    Urgency: medium
    Maintainer: Debian Request Tracker Group <pkg-request-tracker-maintainers@lists.alioth.debian.org>
    Changed-By: Andrew Ruthven <andrew@etc.gen.nz>
    Changes:
    request-tracker4 (4.4.4+dfsg-2+deb11u2) bullseye-security; urgency=medium
    .
    * Apply upstream patch which fixes several security vulnerabilities.
    - A cross-site scripting (XSS) issue when displaying attachment content
    with fraudulent content types. This vulnerability is assigned
    CVE-2022-25802.
    - Not performing full rights checks on access to file or image type
    custom fields, possibly allowing access to these custom fields by
    users without rights to access to the associated objects (like the
    ticket it is associated with).
    Checksums-Sha1:
    9110f829e3bb412fdeb9732d538a3436aa47b959 5590 request-tracker4_4.4.4+dfsg-2+deb11u2.dsc
    a550ba2a5f7281abf3e2638e950262524e752107 3178021 request-tracker4_4.4.4+dfsg.orig-third-party-source.tar.gz
    e2c9ed8716a180638b4ce34a05d67bcc6c4c0935 9977845 request-tracker4_4.4.4+dfsg.orig.tar.gz
    206c225fac90df9deee571866c461efa152d3715 88248 request-tracker4_4.4.4+dfsg-2+deb11u2.debian.tar.xz
    67f36a6bfc131e1b30fb87fb71f85af583ccc41b 18994 request-tracker4_4.4.4+dfsg-2+deb11u2_source.buildinfo
    Checksums-Sha256:
    d7f0efe42738087c8da7ef4e4d3f9f7ff941f091da447bbcb7b51f67e4ba46fe 5590 request-tracker4_4.4.4+dfsg-2+deb11u2.dsc
    9f142a07b09cd34c9120fa71b88fab7904bdb475096ac7405766d7ca2ee3505d 3178021 request-tracker4_4.4.4+dfsg.orig-third-party-source.tar.gz
    34c316a4a78d7ee9b95d4391530f9bb3ff3edd99ebbebfac6354ed173e940884 9977845 request-tracker4_4.4.4+dfsg.orig.tar.gz
    2de4dbae5072b807f15dcfaf05633431cfc0046fd0e095864475391519965523 88248 request-tracker4_4.4.4+dfsg-2+deb11u2.debian.tar.xz
    79f4c18c3e66ad5fe9f99aba2c6d6d3719ee89e3f7358b613cbc857640cec8ef 18994 request-tracker4_4.4.4+dfsg-2+deb11u2_source.buildinfo
    Files:
    2fb81e4112ad46e6aa01d831d26f080e 5590 misc optional request-tracker4_4.4.4+dfsg-2+deb11u2.dsc
    dc2037ca7437687836bf74fa9e3ecc96 3178021 misc optional request-tracker4_4.4.4+dfsg.orig-third-party-source.tar.gz
    4bb2ac970b70dfcb3b328472d1adc24e 9977845 misc optional request-tracker4_4.4.4+dfsg.orig.tar.gz
    d83fb3d7c8437f3f046fc89705715cd8 88248 misc optional request-tracker4_4.4.4+dfsg-2+deb11u2.debian.tar.xz
    07e66d2be77def48e035ff3b2251e7b0 18994 misc optional request-tracker4_4.4.4+dfsg-2+deb11u2_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQJBBAEBCAArFiEEy0llJ/kAnyscGnbawAV+cU1pT7IFAmLOxhYNHGRvbUBlYXJ0 aC5saQAKCRDABX5xTWlPsjSyEACd5YidTP4YJ6urmAYuf7eSU4rKsmIenPn47w/n il8j73V1rA6mOX9potadnyiWQnsAMKM+7GuIrM2TMPz2yGDn7MYoasGKW1kf/rl4 0SdfAXNfBdE9ZZQtY/GRKHVtmnuGC6mDE7M5gDVB1h3GFh+aChy91qe/2YS/WESx czn+ilfxZTnIr+vMbdeAyW+iTJIJ2yN7AOnyNctVkjmoWRiDSC/lVQJQpanwzk7f N7rQIQneQn/9hiWWFB9NN/GhFm6tMQJy6V3WO6pYtfMJZZpYa8/Gd3+7Y1tPwtv/ dvMmhXV6f9A0I94GZh2baPXFrrfxT25UNQj5Yaun2WxYF/Zel1gS/HLyEiY4lGlJ 1A59UHVz+JVXPUKjhzFROKP0OqQIU3drWwab8o3iuTRpJwL7iaLMlPucn3kBdC4D 2l+ZSM6STGR25KoJiVMA6U5I7hYCv/d5vysNRiJLaQsvt2pgW8VDqAkLTk16v6O/ lYrOYpy/Uo7DBW8LZOp1zdCTSJCbLVFtKwxW1JppiPX9yzskwjbSFsJEApSOLGIc dcxwn5pkPu+NJKgIhiAR9oCzhWcc089nsnQH8wQCxojz/t5Y+aL5/OUAg+Xdjwpv HBi0kmok+sHDWYqFykRFFWqUqLAmBEqUOnv/wCdczcfAOXbdSiTCBjSYNaEGAoIh
    /hv0Yg==
    =p0ej
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)