526870 – Update to rt 3.8.5

Bug 526870 - Update to rt 3.8.5

Summary: Update to rt 3.8.5

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	rt3
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Ralf Corsepius
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (5):	CVE-2009-3892 538174 538175 538176 538177 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-10-02 08:28 UTC by Xavier Bachelot
Modified:	2009-11-18 02:40 UTC (History)
CC List:	5 users (show)
Fixed In Version:	3.8.2-11.fc10
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-11-04 12:09:31 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Xavier Bachelot 2009-10-02 08:28:03 UTC

Description of problem:
All versions of RT from 3.4.6 to 3.8.4 are vulnerable to an escaping bug in the display of Custom Fields that could allow injection of javascript into the RT UI.

http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html

Comment 1 Fedora Update System 2009-10-13 02:09:01 UTC

rt3-3.8.4-6.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/rt3-3.8.4-6.fc12

Comment 2 Fedora Update System 2009-10-13 02:29:28 UTC

rt3-3.8.2-11.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/rt3-3.8.2-11.fc11

Comment 3 Fedora Update System 2009-10-13 03:05:16 UTC

rt3-3.8.2-11.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/rt3-3.8.2-11.fc10

Comment 4 Fedora Update System 2009-10-14 01:39:18 UTC

rt3-3.8.2-11.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update rt3'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-10426

Comment 5 Fedora Update System 2009-11-04 12:08:49 UTC

rt3-3.8.2-11.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2009-11-04 12:09:27 UTC

rt3-3.8.2-11.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Ralf Corsepius 2009-11-18 02:34:18 UTC

*** Bug 538176 has been marked as a duplicate of this bug. ***

Comment 8 Ralf Corsepius 2009-11-18 02:35:02 UTC

*** Bug 538175 has been marked as a duplicate of this bug. ***

Comment 9 Ralf Corsepius 2009-11-18 02:35:38 UTC

*** Bug 538174 has been marked as a duplicate of this bug. ***

Comment 10 Ralf Corsepius 2009-11-18 02:36:14 UTC

*** Bug 538177 has been marked as a duplicate of this bug. ***

Comment 11 Ralf Corsepius 2009-11-18 02:40:09 UTC

*** Bug 538173 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.