A security flaw was found in the way the RT3 ticketing
system handled logging of SQL queries while performing
a user account transition. A remote, authenticated RT3
user could use this flaw to obtain sensitive information.
Upstream changeset (needs confirmation from upstream if it's
the real fix for the issue yet):
This was assigned CVE-2011-1008:
Upstream indicated that the above changeset is not the fix, but this one is:
This is fixed in upstream version 3.8.9.
Created rt3 tracking bugs for this issue
Affects: fedora-all [bug 680218]
Affects: epel-6 [bug 680217]
rt3-3.6.11-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.