update to rt-5.0.3 due to CVE-2022-25802
Bug #2003565 reported by
Florian Wolff
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
request-tracker5 (Ubuntu) | New | Undecided | Unassigned |
Bug Description
RT is vulnerable to cross-site scripting (XSS) when displaying
attachment content with fraudulent content types.
This is fixed in 5.0.3, so Maintainer, please provide upgraded packages asap.
CVE References
information type: Private Security → Public
This is the commit which fixes this issue in case the Ubuntu devs only want to fix the security issue: https://github.com/bestpractical/rt/commit/7986fd798df5d055ea2ff9f74207631ab307cfc8