-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Apr 2025 15:48:48 +1200
Source: request-tracker4
Binary: request-tracker4 rt4-apache2 rt4-clients rt4-db-mysql rt4-db-postgresql rt4-db-sqlite rt4-doc-html rt4-fcgi rt4-standalone
Architecture: all
Version: 4.4.6+dfsg-1.1+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02)
Changed-By: Andrew Ruthven
Description:
 request-tracker4 - extensible trouble-ticket tracking system
 rt4-apache2 - Apache 2 specific files for request-tracker4
 rt4-clients - mail gateway and command-line interface to request-tracker4
 rt4-db-mysql - MySQL database backend for request-tracker4
 rt4-db-postgresql - PostgreSQL database backend for request-tracker4
 rt4-db-sqlite - SQLite database backend for request-tracker4
 rt4-doc-html - HTML documentation for request-tracker4
 rt4-fcgi - External FastCGI support for request-tracker4
 rt4-standalone - Standalone web server support for request-tracker4
Closes: 1068452
Changes:
 request-tracker4 (4.4.6+dfsg-1.1+deb12u2) bookworm-security; urgency=medium
 .
   * Apply upstream patches which fixes several security vulnerabilities.
     - [CVE-2025-30087] Vulnerable to Cross Site Scripting via injection of
       malicious parameters in a search URL.
     - [CVE-2025-2545] RT uses the default OpenSSL cipher, 3DES (des3), for
       encrypting SMIME email. This is an outdated cipher algorithm, so the
       default is changed to aes-128-cbc. In addition, this is now
       configurable so you can pick an alternate cipher now or in the
       future, or revert to des3 if needed for compatibility
   * [CVE-2024-3262] Cherry-pick upstream fixes (Closes: #1068452).