[request-tracker-maintainers] Bug#683290: rt3.8-rtfm: multiple XSS vulnerabilities in RTFM
Yves-Alexis Perez
corsac at debian.org
Mon Jul 30 15:05:47 UTC 2012
Package: rt3.8-rtfm
Severity: important
Hi,
multiple cross-side scripting (XSS) vulnerabilities were found in RTFM.
From
http://blog.bestpractical.com/2012/07/security-vulnerabilities-in-three-commonly-deployed-rt-extensions.html:
----
RT::FM versions 2.0.4 through 2.4.3, inclusive, are vulnerable to
multiple cross-site scripting (XSS) attacks in the topic administration
page. CVE-2012-2768 has been assigned to this vulnerability. This
release also includes updates for compatibility with RT 3.8.12. As RT
4.0 and above bundle RT::FM's functionality, and resolved this
vulnerability in RT 4.0.6, this update is only applicable to
installations of RT 3.8.
----
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-3-grsec-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the pkg-request-tracker-maintainers
mailing list