[request-tracker-maintainers] Bug#532990: request-tracker3.6: ShowConfigTab unintentionally grants rights intended for SuperUsers
Dominic Hargreaves
dom at earth.li
Sat Jun 13 15:28:59 UTC 2009
Package: request-tracker3.6
Version: 3.6.7-5
Severity: important
Tags: patch
RT 3.6.8 was released this week with a fix for a minor security issue:
"The most important fix is that RT now requires the SuperUser
right to edit global RT at a Glance. In all versions since
3.6.2, the "ShowConfigTab" right unintentionally enabled this.
If you have not granted this right to any non-administrative user,
then this issue should not affect you."
http://lists.bestpractical.com/pipermail/rt-announce/2009-June/000169.html
A short patch is included with the release.