DSA-3335 request-tracker4 - security update
|
Información sobre el sistema
|
|
|
Software afectado |
Debian |
Descripción
|
It was discovered that Request Tracker, an extensible trouble-tickettracking system is susceptible to a cross-site scripting attack via theuser and group rights management pages (CVE-2015-5475) and via thecryptography interface, allowing an attacker with a carefully-craftedkey to inject JavaScript into RTs user interface. Installations whichuse neither GnuPG nor S/MIME are unaffected by the second cross-sitescripting vulnerability.
More info:
https://www.debian.org/security/2015/dsa-3335 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2015-5475 and DSA-3335. |