-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 10 Oct 2025 23:44:30 +1300 Source: request-tracker4 Binary: request-tracker4 rt4-apache2 rt4-clients rt4-db-mysql rt4-db-postgresql rt4-db-sqlite rt4-doc-html rt4-fcgi rt4-standalone Architecture: source all Version: 4.4.6+dfsg-1.1+deb12u3 Distribution: bookworm-security Urgency: medium Maintainer: Andrew Ruthven Changed-By: Andrew Ruthven Description: request-tracker4 - extensible trouble-ticket tracking system rt4-apache2 - Apache 2 specific files for request-tracker4 rt4-clients - mail gateway and command-line interface to request-tracker4 rt4-db-mysql - MySQL database backend for request-tracker4 rt4-db-postgresql - PostgreSQL database backend for request-tracker4 rt4-db-sqlite - SQLite database backend for request-tracker4 rt4-doc-html - HTML documentation for request-tracker4 rt4-fcgi - External FastCGI support for request-tracker4 rt4-standalone - Standalone web server support for request-tracker4 Changes: request-tracker4 (4.4.6+dfsg-1.1+deb12u3) bookworm-security; urgency=medium . * Apply upstream patch which fixes a security vulnerability. - [CVE-2025-61873] Fix CSV injection via ticket values with special characters that are exported to a TSV from search results. Checksums-Sha1: da5021a1dda563854237161cecc36873595eb410 5978 request-tracker4_4.4.6+dfsg-1.1+deb12u3.dsc a94cec5d6a6068fb07b8545343400a45b13214e6 3175260 request-tracker4_4.4.6+dfsg.orig-third-party-source.tar.gz 42047a4f7dc71c6fd51749c82aed3d6c3364f32a 10783318 request-tracker4_4.4.6+dfsg.orig.tar.gz 605eccf4536aa753c59e8daae593db36cb396050 455 request-tracker4_4.4.6+dfsg.orig.tar.gz.asc 80ae0be6f7a0eb5634709845363d47987e233164 154232 request-tracker4_4.4.6+dfsg-1.1+deb12u3.debian.tar.xz 74dc4c32cf2ec0081942445ebe1b6001abad8f0b 5552324 request-tracker4_4.4.6+dfsg-1.1+deb12u3_all.deb 7ea99bd5a2d40d608130bf5eba86195f39b530e8 21485 request-tracker4_4.4.6+dfsg-1.1+deb12u3_amd64.buildinfo 186d9d24d793431a289824394d0a3def7b33f0a7 16860 rt4-apache2_4.4.6+dfsg-1.1+deb12u3_all.deb d946a8af354771dc8502722d098a41569e41f9ac 49276 rt4-clients_4.4.6+dfsg-1.1+deb12u3_all.deb 545262ea1ea89d3007eecd2b91dd37231a974d8a 16140 rt4-db-mysql_4.4.6+dfsg-1.1+deb12u3_all.deb 0f8bb1cc435dc6e693966a3acd10fad21ca7ac5e 16136 rt4-db-postgresql_4.4.6+dfsg-1.1+deb12u3_all.deb 135249ee2d94d901e59a5e30d24722f15050ff56 16244 rt4-db-sqlite_4.4.6+dfsg-1.1+deb12u3_all.deb 9a61b8bad5d37c9915664398200af98600b5dde4 3125632 rt4-doc-html_4.4.6+dfsg-1.1+deb12u3_all.deb 507039f9ddb62d0fb8ea20b72e7291eba27b60c1 18616 rt4-fcgi_4.4.6+dfsg-1.1+deb12u3_all.deb 029b62a134d7069018509cbc77a07d9bb8936f84 15616 rt4-standalone_4.4.6+dfsg-1.1+deb12u3_all.deb Checksums-Sha256: 652cdf4d3254d40f979b8e92834d6943dca75f38b7155602fe29d3eb63ce7206 5978 request-tracker4_4.4.6+dfsg-1.1+deb12u3.dsc c60bce0df49c477ae50f61836dccdfd63a2bd6abb696e093688c15be7f0966a3 3175260 request-tracker4_4.4.6+dfsg.orig-third-party-source.tar.gz 1eff5bd9e556b5d6682ccd0e5b2f3dcc2c49a9ec4e215dadb90c4caf5e435e9e 10783318 request-tracker4_4.4.6+dfsg.orig.tar.gz f93cefaa0c4d5047118168aa2212752fe4e5906d8696bcf8fc287a2345b53a71 455 request-tracker4_4.4.6+dfsg.orig.tar.gz.asc 7917b013923d1f4912002644dacdb8d74205920639160a323b41fcf100f3ee05 154232 request-tracker4_4.4.6+dfsg-1.1+deb12u3.debian.tar.xz 776b7b1946111a830591f0ad999932e237383881ccfbb8ffe7caf6c1c4f4ee17 5552324 request-tracker4_4.4.6+dfsg-1.1+deb12u3_all.deb fe55937119c721a9ba250d3ff0db09c9ea4fa5782c8fd80f01a4fa5c146eb3ae 21485 request-tracker4_4.4.6+dfsg-1.1+deb12u3_amd64.buildinfo 937dc172a9cb1ca6ea18a5ed8540cfc62f62f01b68648a244cf72f627adad6f9 16860 rt4-apache2_4.4.6+dfsg-1.1+deb12u3_all.deb 57f2950331d2971540b636a24d9b7163e590e25326e1241076604759c354441e 49276 rt4-clients_4.4.6+dfsg-1.1+deb12u3_all.deb 86a6032ba9983cd5d030da3af7ca2ee77ef24aeb0ced08225222bfd1881f6cbf 16140 rt4-db-mysql_4.4.6+dfsg-1.1+deb12u3_all.deb 08fe048f2b3a32f5abc95748a8bd7caf9c4bd6a79aa0a0ad42abf53fe4cef88b 16136 rt4-db-postgresql_4.4.6+dfsg-1.1+deb12u3_all.deb 5127809a5cc0946acf1116504262a36af5c7eed0b129ddab4d2bfdb5bffd27de 16244 rt4-db-sqlite_4.4.6+dfsg-1.1+deb12u3_all.deb d110b916f9761237716a8cf526f591124477f269ce9e7b7cd616a6d5b0d3952d 3125632 rt4-doc-html_4.4.6+dfsg-1.1+deb12u3_all.deb 01acf7b2d17027561da3454b1948dc722a613d4eb747ca7f61f8d910c15338d4 18616 rt4-fcgi_4.4.6+dfsg-1.1+deb12u3_all.deb 425668dac88393441b3788d870c07af11098e465ed8ee5de61aface7c07d4c23 15616 rt4-standalone_4.4.6+dfsg-1.1+deb12u3_all.deb Files: 9b10498b12369ac06ba05bc86c078e1c 5978 misc optional request-tracker4_4.4.6+dfsg-1.1+deb12u3.dsc 1fe827bf2c3d69960d70627209c49b9d 3175260 misc optional request-tracker4_4.4.6+dfsg.orig-third-party-source.tar.gz a34cde135dd5407df89d4a7ac752252f 10783318 misc optional request-tracker4_4.4.6+dfsg.orig.tar.gz 22d6678e6122cbdf290bbcc7d66ed6ca 455 misc optional request-tracker4_4.4.6+dfsg.orig.tar.gz.asc c3010414f6653ace6984123e9adb1faa 154232 misc optional request-tracker4_4.4.6+dfsg-1.1+deb12u3.debian.tar.xz b2c8f4339dce52a836f0e107e9bffe57 5552324 misc optional request-tracker4_4.4.6+dfsg-1.1+deb12u3_all.deb d48270e9d5fdbc12e234885e2c31e7f3 21485 misc optional request-tracker4_4.4.6+dfsg-1.1+deb12u3_amd64.buildinfo 5408070b9c72b3fc2753ad4e9ebd52a6 16860 misc optional rt4-apache2_4.4.6+dfsg-1.1+deb12u3_all.deb 083ab65f169892dccc17ff2adbe4c98e 49276 misc optional rt4-clients_4.4.6+dfsg-1.1+deb12u3_all.deb 99b01e5b80905c965896141b51eabd6a 16140 misc optional rt4-db-mysql_4.4.6+dfsg-1.1+deb12u3_all.deb 138c4f26a4d320b890068ed915155e36 16136 misc optional rt4-db-postgresql_4.4.6+dfsg-1.1+deb12u3_all.deb 2b8a60589a9815a1dffe15321defdb4e 16244 misc optional rt4-db-sqlite_4.4.6+dfsg-1.1+deb12u3_all.deb 4e4a466cc6c8287b760af9045ffd556b 3125632 doc optional rt4-doc-html_4.4.6+dfsg-1.1+deb12u3_all.deb 0fb6482a531958ff468934bc74e3183b 18616 misc optional rt4-fcgi_4.4.6+dfsg-1.1+deb12u3_all.deb a6e59e17917d57f26ad1adfe17c94ff7 15616 misc optional rt4-standalone_4.4.6+dfsg-1.1+deb12u3_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEExgP8TmAPHOzRyNl8S1PZMeTT6GMFAmj0Ny4ACgkQS1PZMeTT 6GNuJw//TQlc/rX0iYD0blt1oicYBsaoOTz+iVXMcWe2fxu4QtBucLeQldTXFJMK gzHYui0YBb37y66jwr4ubl0lINhjZtHdSHoWJ0e7KQT05IFqF6IcUWOrpvOCq8p0 w8Qv583KRHLg/wT2+rVogSTEPXiNi+AUQma/wWeB6YnROoYIyB+W480FSdiEZiat 1pCz51n/pwbfrsxNNtGaOA9RiQdxnMDBows4XyIQ3IgqHGZt8Ki3EPHunw65iKtA K1nPbMh4f6rDbb9FSvUSOq9fY4cDUkmkiaYKvp8ZRAP8WtRDghCBW6WeBKxLTYng tficl7rWDYhPJb1bvqhvtd9zINHPLRQn+V8EcWSmzjB7M0zTH2eReJ2slOq42N+i W6LnLvZcVwRNBvLn0xQ2YEh/Jf4F1ZW9EPz4GGcF1R2GhSai9X+CygaZO7dSRpSK tkMMHMbQVsTaqpqg1dMTA6erMZwzNy8sRgE4VNZ3W5jdm6IoqGt8i0HtzSuvzVRk VaB2KhxL1eHbp1S/OZK9I6NNBjv49Yc3us/oK2nuF8jUorT3Spbf9jryrrSTC44m HTdqYrIpkDW9qmnLBkl8j7oU17D/bsjHzW5TINq+gt0z4KPCfqtMmT7UGAMTd2pF KcjjFN52GIdAXZ7SSCKMUeGd53XMZC0G2iN3hlRB1SsHeAtMJ8o= =JOFk -----END PGP SIGNATURE-----