Source: request-tracker4 Version: 4.4.7+dfsg-4 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerabilities were published for request-tracker4. Making them RC severity as they should be fixed for the trixie release before release. CVE-2025-2545[0]: | uses the default OpenSSL cipher, 3DES (des3), for encrypting SMIME email CVE-2025-30087[1]: | Cross Site Scripting via injection of malicious parameters in a search URL If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-2545 https://www.cve.org/CVERecord?id=CVE-2025-2545 [1] https://security-tracker.debian.org/tracker/CVE-2025-30087 https://www.cve.org/CVERecord?id=CVE-2025-30087 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
