Jan Wagner uploaded new packages for request-tracker3.8 which fixed the
following security problems:

  It was discovered that Request Tracker, an issue tracking system,
  stored passwords in its database by using an insufficiently strong
  hashing method. If an attacker would have access to the password
  database, he could decode the passwords stored in it.


For the lenny-backports distribution the problems have been fixed in
version 3.8.8-7~bpo50+1.

For the unstable (sid) distribution, the problem has been fixed in version
3.8.8-7, for testing (squeeze) the fix should follow soon.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <https://backports.debian.org/Instructions>

We recommend to pin the backports repository to 200 so that new
versions of installed  backports will be installed automatically.

  Package: *
  Pin: release a=lenny-backports
  Pin-Priority: 200