mirror of
https://git.FreeBSD.org/ports.git
synced 2025-01-07 06:40:06 +00:00
www/rt50: Fix vulnerabilities
The following issues are addressed with these security updates:
- RT is vulnerable to unvalidated email headers in incoming email and the
mail-gateway REST interface.
This vulnerability is assigned CVE-2023-41259.
- RT is vulnerable to information leakage via response messages returned from
requests sent via the mail-gateway REST interface.
This vulnerability is assigned CVE-2023-41260.
- RT 5.0 is vulnerable to information leakage via transaction searches made by
authenticated users in the transaction query builder.
This vulnerability is assigned CVE-2023-45024.
- RT 5.0 can reveal information about data on various RT objects in errors and
other response messages to REST 2 requests.
This commit is contained in:
Mikael Urankar
parent
c2ce69e2f5
commit
9f8d5a5f33
@ -1,5 +1,6 @@
|
||||
PORTNAME= rt
|
||||
DISTVERSION= 5.0.4
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= http://download.bestpractical.com/pub/rt/release/
|
||||
PKGNAMESUFFIX= 50
|
||||
|
||||
1118
www/rt50/files/patch-vuln-2023-09-26
Normal file
1118
www/rt50/files/patch-vuln-2023-09-26
Normal file
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user