| Package | request-tracker4 |
|---|---|
| Version | 4.4.3-2+deb10u5 (buster) |
| Related CVEs | CVE-2025-61873 |
It was discovered that Request Tracker, an extensible trouble-ticket tracking system is prone to a CSV injection via ticket values with special characters that are exported to a TSV from search results.
For Debian 10 buster, these problems have been fixed in version 4.4.3-2+deb10u5.
We recommend that you upgrade your request-tracker4 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.