[H-GEN] Request tracker 1 or 2
Greg Black
gjb at humbug.org.au
Wed Mar 27 23:44:43 EST 2002
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Please observe the list's charter. ]
[ Worthwhile understanding: http://www.humbug.org.au/netiquette.html ]
Robert Brockway wrote:
| Hi all. It looks like I'll be asked to setup RT (from
| http://www.fsck.com) for my new workplace to allow for job tracking, etc.
Anybody who is interested in or using RT should note the
following announcement from its author:
---------- Start of forwarded message ----------
Date: Wed, 27 Mar 2002 23:16:35 -0500
From: Jesse Vincent <jesse at bestpractical.com>
To: rt-announce at fsck.com
Message-ID: <20020327231635.A20019 at fsck.com>
Subject: [rt-announce] RT 2.0.13 - CRITICAL FIX FOR REMOTE EXPLOIT
45 minutes ago, I was informed of a remotely exploitable
bug in RT 2.0's password verification routine that can
allow remote users who have HTTP access to an RT
instance's web interface to gain administrative
permissions. This bug affects ALL releases of RT 2.0
prior to 2.0.13.
RT 2.0.13, which resolves this issue, is immediately
available from:
http://fsck.com/pub/rt/release/rt-2-0-13.tar.gz
[...]
---------- End of forwarded message ----------
Greg
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.
More information about the General
mailing list