526872 – Update to rt 3.6.9

Bug 526872 - Update to rt 3.6.9

Summary: Update to rt 3.6.9

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	rt3
Sub Component:
Version:	el5
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Xavier Bachelot
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-10-02 08:30 UTC by Xavier Bachelot
Modified:	2009-10-28 22:21 UTC (History)
CC List:	4 users (show)
Fixed In Version:	3.6.9-1.el5
Clone Of:
Environment:
Last Closed:	2009-10-28 22:21:17 UTC
Type:	---
Embargoed:

Attachments	(Terms of Use)

Description Xavier Bachelot 2009-10-02 08:30:43 UTC

Description of problem:
All versions of RT from 3.4.6 to 3.8.4 are vulnerable to an escaping bug in the display of Custom Fields that could allow injection of javascript into the RT UI.

http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html

Comment 1 Fedora Update System 2009-10-06 07:27:10 UTC

rt3-3.6.9-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/rt3-3.6.9-1.el5

Comment 2 Fedora Update System 2009-10-08 18:05:08 UTC

rt3-3.6.9-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update rt3'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/EL-5/FEDORA-EPEL-2009-0602

Comment 3 Fedora Update System 2009-10-28 22:21:12 UTC

rt3-3.6.9-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.