drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in Request Tracker
Name: |
Cross-Site Scripting in Request Tracker |
|
ID: |
DSA-3335-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian wheezy, Debian jessie |
|
Datum: |
Do, 13. August 2015, 20:53 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5475 |
|
Applikationen: |
Request Tracker |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3335-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso August 13, 2015 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : request-tracker4 CVE ID : CVE-2015-5475
It was discovered that Request Tracker, an extensible trouble-ticket tracking system is susceptible to a cross-site scripting attack via the user an group rights management pages (CVE-2015-5475) and via the cryptography interface, allowing an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected by the second cross-site scripting vulnerability.
For the oldstable distribution (wheezy), these problems have been fixed in version 4.0.7-5+deb7u4. The oldstable distribution (wheezy) is only affected by CVE-2015-5475.
For the stable distribution (jessie), these problems have been fixed in version 4.2.8-3+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 4.2.11-2.
We recommend that you upgrade your request-tracker4 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJVzJhOAAoJEAVMuPMTQ89Exc8P/3jiiaHi58Qd7XKfXtrhiZ9F C151U/8ohyNmh1bPt2VaxJbKI+7/ILYqDzbuYNhrtDg8zgCcBN3O/kjpuJ7lEJo4 569osYurswsZTknZ3JND0BRazmkHUX4T4NFTMOB2DvsV/cpBy7tMvq4ZzHrMoned If+NfyuU8FEJKpielUixulzNzowXGOEwsPp9RTEitRhzWnh5GjM92e+9fyFa4d94 Iy9yIMZkKhB3uxJWX52dxA8sqVzn6Q4Pz7IWbKrgccrEb3p7VYoJ72ehWI5sNR/J FhRJhd09tn/kbl+c4BMG4awNZFLlRbGUsK6Dy0OWz5jdiUx4BF/7hyyJ6k3M/ZIT wktinMGRPXcteOXt5VFPhCBkGSqnEUwejTUwwFpTcimQ9RPyMjvaYrmOiqVpRIMB JaDhPVF9vXGvf6TwbLDio8TE1tdDvDupsf54jHYnJm6Xg/FuBJSn6Gu7A0FhWEsS Viq5ROODuMbmyPdU3KVK9wEh3XLFyWr4HUvKFCInIA2fvc8X+i7Ysopfwm2AmgUl LN0IYHsvoSTuvtAAUYzY9HaGXdJbRGZMNIje4jv66JqNNrWHr1aWgWXLQhjMZzF8 MNaRffl33jZQAA4Y2X1w0vou44PNxZjNhPp9MjnOkLpgy2CgiftO3jh2wv+kFWFu VEgGCo6aTDpXbU/3nUL0 =Aes9 -----END PGP SIGNATURE-----
|
|
|
|