Diffusion FreeBSD ports repository 9f8d5a5f3399

www/rt50: Fix vulnerabilities
9f8d5a5f3399
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

www/rt50: Fix vulnerabilities

The following issues are addressed with these security updates:

RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface. This vulnerability is assigned CVE-2023-41259.
RT is vulnerable to information leakage via response messages returned from requests sent via the mail-gateway REST interface. This vulnerability is assigned CVE-2023-41260.
RT 5.0 is vulnerable to information leakage via transaction searches made by authenticated users in the transaction query builder. This vulnerability is assigned CVE-2023-45024.
RT 5.0 can reveal information about data on various RT objects in errors and other response messages to REST 2 requests.

Details

Provenance

Mikael Urankar

Authored on Oct 4 2023, 7:57 AM

Parents

R11:c2ce69e2f52b: www/rt44: Fix vulnerabilities

Branches

Unknown

Tags

Unknown

Event Timeline

Mikael Urankar <mikael@FreeBSD.org> committed R11:9f8d5a5f3399: www/rt50: Fix vulnerabilities (authored by Mikael Urankar <mikael@FreeBSD.org>).Oct 20 2023, 6:08 AM

Restricted Repository Identity mentioned this in R11:83ad9bf61a23: www/rt50: Fix vulnerabilities.Oct 20 2023, 6:12 AM

Changes (2)

Path

Size

www/

rt50/

files/

patch-vuln-2023-09-26

R11:9f8d5a5f3399

www/rt50/Makefile

Loading...

www/rt50/files/patch-vuln-2023-09-26

Loading...