Description of problem: All versions of RT from 3.4.6 to 3.8.4 are vulnerable to an escaping bug in the display of Custom Fields that could allow injection of javascript into the RT UI. http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000173.html
rt3-3.8.4-6.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/rt3-3.8.4-6.fc12
rt3-3.8.2-11.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/rt3-3.8.2-11.fc11
rt3-3.8.2-11.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/rt3-3.8.2-11.fc10
rt3-3.8.2-11.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rt3'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-10426
rt3-3.8.2-11.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
rt3-3.8.2-11.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 538176 has been marked as a duplicate of this bug. ***
*** Bug 538175 has been marked as a duplicate of this bug. ***
*** Bug 538174 has been marked as a duplicate of this bug. ***
*** Bug 538177 has been marked as a duplicate of this bug. ***
*** Bug 538173 has been marked as a duplicate of this bug. ***