|
|
Subscribe / Log in / New account

Debian alert DLA-3057-1 (request-tracker4)



From:
              Chris Lamb <lamby@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 3057-1] request-tracker4 security update


Date:
              Thu, 23 Jun 2022 03:42:07 -0400


Message-ID:
              <165596995862.404783.16565203704525803225@copycat>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3057-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
June 23, 2022                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : request-tracker4
Version        : 4.4.1-3+deb9u4
CVE ID         : CVE-2021-38562
Debian Bug     : #995175

It was discovered that there was an issue in request-tracker4, a
extensible ticket/issue tracking system. Sensitive information
could have been revealed by way of a timing attack on the
authentication system.

For Debian 9 "Stretch", this problem has been fixed in version
4.4.1-3+deb9u4.

We recommend that you upgrade your request-tracker4 packages.

For the detailed security status of request-tracker4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/request-tracker4

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmK0GKUACgkQHpU+J9Qx
HlhjpRAApVpaKCROWd4npxAMtHulSc8E+0dgwQ6rugBPFhnDQwEnxa+0ub1SDhHu
s48JRKBxPF4CxD4SnrMOGDeybe6udS/r0GJa2gDxD8Rj2Nep5T/vqRL8zUrhgxAn
N8Bjchc2BnxdAuwNlwh0a92PsDaPsl1p6u5LEPQEmez/G61kL4YPxznfqGBOET5h
8x6bXSPDJydQdNhXKrN8S1mLIsn2TP0QddddEiT9SX0oKG51sf704GB+5pDn9zHT
Q+Vxgh5K0YVMMezz8wL4NENOqjy5xbJy41QW3YLNagkQjdA+pA4r7JBPKUSCElll
0ahF/bbryFfx/oM+zWIQY/JqniCU5fMfdOXOYmvDz45DZcpcvlH2My/uKHKEjbFn
3iiiGtSDHGRABtY7M9yTmlwUd2dvdCPtUgO0pssDnqL7qzvKwfmi557z0v1F3re+
7I0GJEBx7X2vXlT9P+AcK6dDV5W30jT1remMPXTV0S+GJnw186EFboX7QoRg1Ecr
BsjFmYE8/AyvIA7deqloZivu6p4oCj0znCsC968dknXfLMIwsn5Oj25keT4rJqQZ
N7J4eYI2b0L5VHHT44hREHk/K0Zy2tmTGQx5tYNfwUsp4fsbAgI/4uPWoJhit5vs
6XpKkHVrwxh8MpQR546mO6wvybs1a4j8h9aNhdCtpJCdVJsO2GU=
=5Djv
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds