On Thu, Jul 16, 2009 at 07:55:39PM +0200, Moritz Muehlenhoff wrote:

> Vinny Guido discovered that multiple input sanitising vulnerabilities
> in Fckeditor, a rich text web editor component, may lead to the
> execution of arbitrary code.

For the record, request-tracker3.8 currently embeds a (customised)
version of fckeditor provided by RT upstream. However, I do not believe
it is vulnerable to this issue as the connectors are not supplied.

In addition, upstream in their next release plan to split out these
customisations - when they do, I should hopefully be able to revert
to the packaged version of the fckeditor.

Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

