| | | |
|---|---|---|
| author | Chris Lamb <lamby@debian.org> | 2022-06-23 08:40:32 +0100 |
| committer | Chris Lamb <lamby@debian.org> | 2022-06-23 08:40:32 +0100 |
| commit | b92c6c2182dc526c8d255ba089065ed49bad1dd2 | |
| tree | 0994e1aef41e5992407b3500acbf5ab5d484c28f | |
| parent | 36b65aee873ab5aae40372e857ffec8aa0cca75d | |

Add DLA-3057-1.

| | | |
|---|---|---|
| -rw-r--r-- | english/lts/security/2022/dla-3057.data | 9 |
| -rw-r--r-- | english/lts/security/2022/dla-3057.wml | 30 |

2 files changed, 39 insertions, 0 deletions
diff --git a/english/lts/security/2022/dla-3057.data b/english/lts/security/2022/dla-3057.data new file mode 100644 index 00000000000..060f5afa461 --- /dev/null +++ b/english/lts/security/2022/dla-3057.data @@ -0,0 +1,9 @@ +<define-tag pagetitle>DLA-3057-1 request-tracker4</define-tag> +<define-tag report_date>2022-06-23</define-tag> +<define-tag secrefs>CVE-2021-38562</define-tag> +<define-tag packages>request-tracker4</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security diff --git a/english/lts/security/2022/dla-3057.wml b/english/lts/security/2022/dla-3057.wml new file mode 100644 index 00000000000..223ecb5fcc2 --- /dev/null +++ b/english/lts/security/2022/dla-3057.wml @@ -0,0 +1,30 @@ +<define-tag description>LTS security update</define-tag> +<define-tag moreinfo> + +<p>It was discovered that there was an issue in request-tracker4, a extensible +ticket/issue tracking system. Sensitive information could have been revealed by +way of a timing attack on the authentication system.</p> + +<ul> + +<li><a href="https://security-tracker.debian.org/tracker/CVE-2021-38562">CVE-2021-38562</a> + + <p>Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, + and 5.0 before 5.0.2 allows sensitive information disclosure via a timing + attack against lib/RT/REST2/Middleware/Auth.pm.</p></li> + +</ul> + +<p>For Debian 9 <q>Stretch</q>, these problems have been fixed in version +4.4.1-3+deb9u4.</p> + +<p>We recommend that you upgrade your request-tracker4 packages.</p> + +<p>Further information about Debian LTS security advisories, how to apply +these updates to your system and frequently asked questions can be +found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/lts/security/2022/dla-3057.data" +# $Id: $ |
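
Review bot: In the dla-3057.wml hunk, the opening paragraph of the moreinfo block reads "a extensible ticket/issue tracking system", which should be "an extensible". The same file describes a single issue with one CVE entry, but the fixed-version paragraph says "these problems have been fixed in version 4.4.1-3+deb9u4"; "this problem has been fixed" would match the rest of the advisory. The summary also says only "the authentication system", while the CVE text names lib/RT/REST2/Middleware/Auth.pm; mentioning in the summary that the affected path is the REST2 authentication middleware would let administrators judge their exposure without reading the CVE entry.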