https://bugzilla.redhat.com/show_bug.cgi?id=1475081
Bug ID: 1475081
Summary: CVE-2017-5944 rt: Remote code execution in the
dashboard subscription interface
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-t...@redhat.com
Reporter: psamp...@redhat.com
CC: perl-devel@lists.fedoraproject.org,
rc040...@freenet.de, ti...@math.uh.edu
t was discovered that Request Tracker is prone to a remote code execution
vulnerability in the dashboard subscription interface. A privileged attacker
can take advantage of this flaw through carefully-crafted saved search names to
cause unexpected code to be executed.
Upstream patch:
https://forum.bestpractical.com/t/security-vulnerabilities-in-rt-2017-06-15/32016
References:
https://www.debian.org/security/2017/dsa-3882
http://www.securityfocus.com/bid/99381
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
