https://bugzilla.redhat.com/show_bug.cgi?id=1475068
Bug ID: 1475068
Summary: CVE-2016-6127 rt: Cross-site scripting via malicious
file upload
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: psamp...@redhat.com
CC: perl-devel@lists.fedoraproject.org,
rc040...@freenet.de, ti...@math.uh.edu
It was discovered that Request Tracker is vulnerable to a cross-site scripting
(XSS) attack if an attacker uploads a malicious file with a certain content
type. Installations which use the AlwaysDownloadAttachments config setting are
unaffected by this flaw. The applied fix addresses all existant and future
uploaded attachments.
Upstream patch:
https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016
References:
http://www.securityfocus.com/bid/99375/info
https://www.debian.org/security/2017/dsa-3882
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
