[Bug 1200065] New: CVE-2015-1165 rt: information disclosure flaw in RSS feed handler
bugzilla at redhat.com
bugzilla at redhat.com
Mon Mar 9 15:41:20 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1200065
Bug ID: 1200065
Summary: CVE-2015-1165 rt: information disclosure flaw in RSS
feed handler
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team at redhat.com
Reporter: mprpic at redhat.com
CC: perl-devel at lists.fedoraproject.org,
rc040203 at freenet.de, tibbs at math.uh.edu
An information disclosure flaw was found in Request Tracker's (RT) processed
RSS feed handler. A remote attacker could use this flaw to disclose RSS feed
URLs, which can potentially contain sensitive ticket data.
This flaw is fixed in 4.2.10:
https://bestpractical.com/release-notes/rt/4.2.10
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=dSVy5FoXQF&a=cc_unsubscribe
More information about the perl-devel
mailing list