Skip to content

Commit

Permalink
www/rt50: Fix vulnerabilities
Browse files Browse the repository at this point in the history 
The following issues are addressed with these security updates:
  - RT is vulnerable to unvalidated email headers in incoming email and the
    mail-gateway REST interface.
    This vulnerability is assigned CVE-2023-41259.
  - RT is vulnerable to information leakage via response messages returned from
    requests sent via the mail-gateway REST interface.
    This vulnerability is assigned CVE-2023-41260.
  - RT 5.0 is vulnerable to information leakage via transaction searches made by
    authenticated users in the transaction query builder.
    This vulnerability is assigned CVE-2023-45024.
  - RT 5.0 can reveal information about data on various RT objects in errors and
    other response messages to REST 2 requests.
  • Loading branch information
@MikaelUrankar
MikaelUrankar committed Oct 20, 2023
1 parent c2ce69e commit 9f8d5a5
Show file tree
Hide file tree
Showing 2 changed files with 1,119 additions and 0 deletions.
1 change: 1 addition & 0 deletions www/rt50/Makefile
View file
@@ -1,5 +1,6 @@
PORTNAME= rt
DISTVERSION= 5.0.4
PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= http://download.bestpractical.com/pub/rt/release/
PKGNAMESUFFIX= 50
Expand Down

0 comments on commit 9f8d5a5

Please sign in to comment.