CVE-2011-0009

Publication date 25 January 2011

Last updated 24 July 2024


Ubuntu priority

Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
request-tracker3.4 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Ignored end of life
request-tracker3.6 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
11.10 oneiric Not in release
11.04 natty Not in release
10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Ignored end of life
8.04 LTS hardy Ignored end of life, was pending
6.06 LTS dapper Not in release
request-tracker3.8 13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Fixed 3.8.10-1
10.10 maverick
Fixed 3.8.8-4ubuntu0.1
10.04 LTS lucid
Fixed 3.8.7-1ubuntu2.2
9.10 karmic Ignored end of life
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release

Notes


jdstrand

for Lucid, please test packages in lucid-proposed and report in https://launchpad.net/bugs/750339

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
request-tracker3.8