[Secure-testing-team] Bug#546778: request-tracker3.6: XSS vulnerability when displaying Custom Field values
Dominic Hargreaves
dom at earth.li
Tue Sep 15 17:18:56 UTC 2009
Package: request-tracker3.6
Version: 3.6.7-5+lenny1
Severity: important
Tags: security patch
According to
http://lists.bestpractical.com/pipermail/rt-announce/2009-September/000172.html
RT 3.6 contains a security problem which affects configurations
populating Custom Fields using untrusted data. A patch is provided.
More information about the Secure-testing-team
mailing list