[SECURITY] [DLA 3057-1] request-tracker4 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3057-1] request-tracker4 security update
From: "Chris Lamb" <lamby@debian.org>
Date: Thu, 23 Jun 2022 03:42:07 -0400 (EDT)
Message-id: <[🔎] 165596995862.404783.16565203704525803225@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3057-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
June 23, 2022                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : request-tracker4
Version        : 4.4.1-3+deb9u4
CVE ID         : CVE-2021-38562
Debian Bug     : #995175

It was discovered that there was an issue in request-tracker4, a
extensible ticket/issue tracking system. Sensitive information
could have been revealed by way of a timing attack on the
authentication system.

For Debian 9 "Stretch", this problem has been fixed in version
4.4.1-3+deb9u4.

We recommend that you upgrade your request-tracker4 packages.

For the detailed security status of request-tracker4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/request-tracker4

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmK0GKUACgkQHpU+J9Qx
HlhjpRAApVpaKCROWd4npxAMtHulSc8E+0dgwQ6rugBPFhnDQwEnxa+0ub1SDhHu
s48JRKBxPF4CxD4SnrMOGDeybe6udS/r0GJa2gDxD8Rj2Nep5T/vqRL8zUrhgxAn
N8Bjchc2BnxdAuwNlwh0a92PsDaPsl1p6u5LEPQEmez/G61kL4YPxznfqGBOET5h
8x6bXSPDJydQdNhXKrN8S1mLIsn2TP0QddddEiT9SX0oKG51sf704GB+5pDn9zHT
Q+Vxgh5K0YVMMezz8wL4NENOqjy5xbJy41QW3YLNagkQjdA+pA4r7JBPKUSCElll
0ahF/bbryFfx/oM+zWIQY/JqniCU5fMfdOXOYmvDz45DZcpcvlH2My/uKHKEjbFn
3iiiGtSDHGRABtY7M9yTmlwUd2dvdCPtUgO0pssDnqL7qzvKwfmi557z0v1F3re+
7I0GJEBx7X2vXlT9P+AcK6dDV5W30jT1remMPXTV0S+GJnw186EFboX7QoRg1Ecr
BsjFmYE8/AyvIA7deqloZivu6p4oCj0znCsC968dknXfLMIwsn5Oj25keT4rJqQZ
N7J4eYI2b0L5VHHT44hREHk/K0Zy2tmTGQx5tYNfwUsp4fsbAgI/4uPWoJhit5vs
6XpKkHVrwxh8MpQR546mO6wvybs1a4j8h9aNhdCtpJCdVJsO2GU=
=5Djv
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3056-1] exo security update
Next by Date: [SECURITY] [DLA 3058-1] libsndfile security update
Previous by thread: [SECURITY] [DLA 3056-1] exo security update
Next by thread: [SECURITY] [DLA 3058-1] libsndfile security update
Index(es):
- Date
- Thread