Bug 941912 (CVE-2015-5475) - VUL-0: CVE-2015-5475: Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.xbefore 4.2.12 allow ...
Summary: VUL-0: CVE-2015-5475: Multiple cross-site scripting (XSS) vulnerabilities in ...
Status: RESOLVED FIXED
Alias: CVE-2015-5475
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Lars Vogdt
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/122044/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-17 08:32 UTC by Alexander Bergmann
Modified: 2021-10-12 13:41 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Lars Vogdt 2015-08-17 09:30:16 UTC 
Fixed for our internal RT instances:
* https://tickets.nue.suse.com/
* https://infra.nue.suse.com/
which run 4.0.23 now, addressing the reported issue (CVE-2015-5475)
Comment 2 Lars Vogdt 2015-08-17 13:35:29 UTC 
Fixed and updated package submitted to devel:languages:perl - thus closing here as fixed.
Comment 3 Alexander Bergmann 2015-08-18 15:28:13 UTC 
Okay, this comment is just for reference as only RT 4.2.0 and above are vulnerable:

https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d1c7767d8484c4

CVE-2015-6506 was assigned to this issue.