| Release | Version |
|---|---|
| bookworm | 5.0.3+dfsg-3~deb12u2 |
| bookworm (security) | 5.0.3+dfsg-3~deb12u3 |
| trixie | 5.0.7+dfsg-2 |
| sid | 5.0.7+dfsg-3 |
| Bug | bookworm | trixie | sid | Description |
|---|---|---|---|---|
| CVE-2025-31501 | fixed | vulnerable | fixed | Cross Site Scripting via JavaScript injection in an Asset name |
| CVE-2025-31500 | fixed | vulnerable | fixed | Cross Site Scripting via JavaScript injection in an RT permalink |
| CVE-2025-30087 | fixed | vulnerable | fixed | Cross Site Scripting via injection of malicious parameters in a search URL |
| CVE-2025-2545 | fixed | vulnerable | fixed | Vulnerability in Best Practical Solutions, LLC's Request Tracker v5.0. ... |
| Bug | Description |
|---|---|
| CVE-2024-3262 | Information exposure vulnerability in RT software affecting version 4. ... |
| CVE-2023-45024 | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information ... |
| CVE-2023-41260 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 ... |
| CVE-2023-41259 | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 ... |
| CVE-2022-25803 | Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect ... |
| CVE-2022-25802 | Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 ... |
| CVE-2021-38562 | Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4. ... |
| DSA / DLA | Description |
|---|---|
| DSA-5909-1 | request-tracker5 - security update |
| DSA-5541-1 | request-tracker5 - security update |