[SECURITY] Fedora EPEL 5 Update: rt3-3.6.11-2.el5
updates at fedoraproject.org
updates at fedoraproject.org
Thu Oct 27 19:06:22 UTC 2011
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2011-3238
2011-05-03 22:14:47
--------------------------------------------------------------------------------
Name : rt3
Product : Fedora EPEL 5
Version : 3.6.11
Release : 2.el5
URL : http://www.bestpractical.com/rt
Summary : Request tracker 3
Description :
RT is an enterprise-grade ticketing system which enables a group of people
to intelligently and efficiently manage tasks, issues, and requests submitted
by a community of users.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2011-0009 : Insecure hashing algorithm used for storage of user passwords
Fix for CVE-2011-1007 : Improper management of form data resubmittion upon user log out
Fix for CVE-2011-1008 : SQL queries information leak by user account transition
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #672250 - CVE-2011-0009 RT3: Insecure hashing algorithm used for storage of user passwords
https://bugzilla.redhat.com/show_bug.cgi?id=672250
[ 2 ] Bug #679411 - CVE-2011-1008 rt3: SQL queries information leak by user account transition
https://bugzilla.redhat.com/show_bug.cgi?id=679411
[ 3 ] Bug #679396 - CVE-2011-1007 rt3: Improper management of form data resubmittion upon user log out
https://bugzilla.redhat.com/show_bug.cgi?id=679396
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update rt3' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the epel-package-announce
mailing list