Bug 526872 - Update to rt 3.6.9
Summary: Update to rt 3.6.9
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: rt3
Version: el5
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Xavier Bachelot
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-10-02 08:30 UTC by Xavier Bachelot
Modified: 2009-10-28 22:21 UTC (History)
4 users (show)

Fixed In Version: 3.6.9-1.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-10-28 22:21:17 UTC


Attachments (Terms of Use)

Description Xavier Bachelot 2009-10-02 08:30:43 UTC
Description of problem:
All versions of RT from 3.4.6 to 3.8.4 are vulnerable to an escaping bug in the display of Custom Fields that could allow injection of javascript into the RT UI.

http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html

Comment 1 Fedora Update System 2009-10-06 07:27:10 UTC
rt3-3.6.9-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/rt3-3.6.9-1.el5

Comment 2 Fedora Update System 2009-10-08 18:05:08 UTC
rt3-3.6.9-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update rt3'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0602

Comment 3 Fedora Update System 2009-10-28 22:21:12 UTC
rt3-3.6.9-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.