CVE-2011-0009
Publication date 25 January 2011
Last updated 24 July 2024
Ubuntu priority
Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.
Status
Package | Ubuntu Release | Status |
---|---|---|
request-tracker3.4 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
9.10 karmic | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Ignored end of life | |
request-tracker3.6 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise | Not in release | |
11.10 oneiric | Not in release | |
11.04 natty | Not in release | |
10.10 maverick | Not in release | |
10.04 LTS lucid | Not in release | |
9.10 karmic | Ignored end of life | |
8.04 LTS hardy | Ignored end of life, was pending | |
6.06 LTS dapper | Not in release | |
request-tracker3.8 | 13.04 raring | Not in release |
12.10 quantal | Not in release | |
12.04 LTS precise |
Not affected
|
|
11.10 oneiric |
Not affected
|
|
11.04 natty |
Fixed 3.8.10-1
|
|
10.10 maverick |
Fixed 3.8.8-4ubuntu0.1
|
|
10.04 LTS lucid |
Fixed 3.8.7-1ubuntu2.2
|
|
9.10 karmic | Ignored end of life | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Not in release |
Notes
jdstrand
for Lucid, please test packages in lucid-proposed and report in https://launchpad.net/bugs/750339