Diffusion FreeBSD ports repository 83ad9bf61a23

www/rt50: Fix vulnerabilities
83ad9bf61a23
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

www/rt50: Fix vulnerabilities

The following issues are addressed with these security updates:

RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface. This vulnerability is assigned CVE-2023-41259.
RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface. This vulnerability is assigned CVE-2023-41260.
RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder. This vulnerability is assigned CVE-2023-45024.
RT 5.0 can reveal information about data on various RT objects in errors and other response messages to REST 2 requests.

(cherry picked from commit 9f8d5a5f339905355c4f2728befc3adcb83d47e5)

Details

Provenance

Mikael Urankar

Authored on Oct 4 2023, 7:57 AM

Parents

R11:ac7961ef0d09: www/rt44: Fix vulnerabilities

Branches

Unknown

Tags

Unknown

Event Timeline

Mikael Urankar <mikael@FreeBSD.org> committed R11:83ad9bf61a23: www/rt50: Fix vulnerabilities (authored by Mikael Urankar <mikael@FreeBSD.org>).Oct 20 2023, 6:11 AM

Changes (2)

Path

Size

www/

rt50/

files/

patch-vuln-2023-09-26

R11:83ad9bf61a23

www/rt50/Makefile

Loading...

www/rt50/files/patch-vuln-2023-09-26

Loading...