Several vulnerabilities were discovered in Request Tracker (RT), an issue
tracking system.
- CVE-2012-4730
Authenticated users can add arbitrary headers or content to
mail generated by RT.
- CVE-2012-4732
A CSRF vulnerability may allow attackers to toggle ticket
bookmarks.
- CVE-2012-4734
If users follow a crafted URI and then log in to RT, they may
trigger actions which would ordinarily be blocked by the CSRF
prevention logic.
- CVE-2012-6578, CVE-2012-6579, CVE-2012-6580, CVE-2012-6581
Several different vulnerabilities in GnuPG processing allow
attackers to cause RT to improperly sign outgoing email.
- CVE-2012-4884
If GnuPG support is enabled, authenticated users can
create arbitrary files as the web server user, which may
enable arbitrary code execution.
Please note that if you run request-tracker3.8 under the Apache web
server, you must stop and start Apache manually. The "restart"
mechanism (for example "apache2ctl restart" or "service apache2
restart") is not recommended, especially when using mod_perl, because
persistent Perl interpreters may keep the old RT code loaded.
For the stable distribution (squeeze), these problems have been fixed
in version 3.8.8-7+squeeze6.
For the unstable distribution (sid), these problems have been fixed in
version 4.0.7-2 of the request-tracker4 package.
We recommend that you upgrade your request-tracker3.8 packages.
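The upgrade-and-restart procedure above, as an added shell example that is not part of the advisory: it reads the installed request-tracker3.8 version, compares it against the squeeze fix version, and only if the fix is present stops and starts Apache rather than restarting it. The function names, the use of "service apache2", and the "sort -V" fallback are assumptions of this example; "dpkg --compare-versions" is the authoritative comparison for Debian version strings and is used whenever dpkg is available.

```shell
#!/bin/sh
# Added example (not from the advisory): gate the Apache stop/start on the
# fixed request-tracker3.8 version actually being installed.

# Fixed version for the stable distribution (squeeze), from the advisory.
FIXED_VERSION="3.8.8-7+squeeze6"

# version_at_least INSTALLED FIXED: succeed if INSTALLED >= FIXED.
# Uses dpkg --compare-versions when available (authoritative for Debian
# version strings). The sort -V fallback is an approximation assumed for
# this example: it does not understand epochs or "~" pre-release markers.
version_at_least() {
    installed=$1
    fixed=$2
    if command -v dpkg >/dev/null 2>&1; then
        if dpkg --compare-versions "$installed" ge "$fixed"; then
            return 0
        else
            return 1
        fi
    fi
    # The smaller of the two versions sorts first; if that is FIXED,
    # then INSTALLED is equal or newer.
    [ "$(printf '%s\n%s\n' "$fixed" "$installed" | sort -V | head -n 1)" = "$fixed" ]
}

# installed_rt_version: print the installed version of request-tracker3.8,
# or nothing if the package is not installed (dpkg-query fails silently).
installed_rt_version() {
    dpkg-query -W -f '${Version}' request-tracker3.8 2>/dev/null || true
}

# restart_rt_apache: the advisory's stop-then-start, not "restart", so that
# mod_perl interpreters are torn down and the new RT code is loaded.
restart_rt_apache() {
    service apache2 stop
    service apache2 start
}

# check_and_restart: exit 0 after restarting on a fixed version,
# 1 if RT is not installed, 2 if the installed version is still vulnerable.
check_and_restart() {
    installed=$(installed_rt_version)
    if [ -z "$installed" ]; then
        echo "request-tracker3.8 is not installed" >&2
        return 1
    fi
    if version_at_least "$installed" "$FIXED_VERSION"; then
        echo "request-tracker3.8 $installed >= $FIXED_VERSION: stopping and starting Apache"
        restart_rt_apache
    else
        echo "request-tracker3.8 $installed is vulnerable; upgrade to $FIXED_VERSION" >&2
        return 2
    fi
}

# Run the check only when explicitly requested, e.g. RT_CHECK=1 sh rt-check.sh
if [ "${RT_CHECK:-}" = "1" ]; then
    check_and_restart
fi
```

Run it as root on the RT host after "apt-get install request-tracker3.8"; it refuses to touch Apache while the vulnerable version is still installed, so an upgrade that failed part-way does not get masked by a successful-looking restart.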