update to rt-4.4.6 due to CVE-2022-25802
Bug #2003561 reported by
Florian Wolff
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
request-tracker4 (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
RT is vulnerable to cross-site scripting (XSS) when displaying
attachment content with fraudulent content types.
This is fixed in 4.4.6, so Maintainer, please provide upgraded packages asap.
CVE References
To post a comment you must log in.