Bug 526872

Summary: Update to rt 3.6.9
Product: [Fedora] Fedora EPEL Reporter: Xavier Bachelot <xavier>
Component: rt3Assignee: Xavier Bachelot <xavier>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: el5CC: mmahut, perl-devel, rc040203, xavier
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 3.6.9-1.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-10-28 22:21:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Xavier Bachelot 2009-10-02 08:30:43 UTC 
Description of problem:
All versions of RT from 3.4.6 to 3.8.4 are vulnerable to an escaping bug in the display of Custom Fields that could allow injection of javascript into the RT UI.

http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html
Comment 1 Fedora Update System 2009-10-06 07:27:10 UTC 
rt3-3.6.9-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/rt3-3.6.9-1.el5
Comment 2 Fedora Update System 2009-10-08 18:05:08 UTC 
rt3-3.6.9-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update rt3'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0602
Comment 3 Fedora Update System 2009-10-28 22:21:12 UTC 
rt3-3.6.9-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.