CVE-2011-4458 in Ubuntu

CVE-2011-4458

Priority

Medium

Description

Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x
before 4.0.6, when the VERPPrefix and VERPDomain options are enabled,
allows remote attackers to execute arbitrary code via unspecified vectors,
a different vulnerability than CVE-2011-5092 and CVE-2011-5093.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4458

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674522
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674558

Notes

jdstrand> regressions found in DSA-2480 (see bugs)

Package

Source: rt (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE
Ubuntu 13.04 (Raring Ringtail):	DNE
Ubuntu 13.10 (Saucy Salamander):	DNE

Package

Source: request-tracker3.6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	DNE
Ubuntu 12.04 LTS (Precise Pangolin):	DNE
Ubuntu 12.10 (Quantal Quetzal):	DNE
Ubuntu 13.04 (Raring Ringtail):	DNE
Ubuntu 13.10 (Saucy Salamander):	DNE

Package

Source: request-tracker4 (LP Ubuntu Debian)

Upstream:	released (4.0.5-3)
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	DNE
Ubuntu 11.10 (Oneiric Ocelot):	ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):	needs-triage
Ubuntu 12.10 (Quantal Quetzal):	not-affected (4.0.5-3)
Ubuntu 13.04 (Raring Ringtail):	not-affected (4.0.5-3)
Ubuntu 13.10 (Saucy Salamander):	not-affected (4.0.5-3)

Patches:

Vendor:

http://www.debian.org/security/2012/dsa-2480

Package

Source: request-tracker3.8 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	DNE
Ubuntu 10.04 LTS (Lucid Lynx):	released (3.8.7-1ubuntu2.3)
Ubuntu 11.10 (Oneiric Ocelot):	released (3.8.10-1ubuntu0.1)
Ubuntu 12.04 LTS (Precise Pangolin):	released (3.8.11-1ubuntu0.1)
Ubuntu 12.10 (Quantal Quetzal):	DNE
Ubuntu 13.04 (Raring Ringtail):	DNE
Ubuntu 13.10 (Saucy Salamander):	DNE

Patches:

Debdiff:

https://bugs.launchpad.net/bugs/1004835

More Information

Updated: 2013-05-09 15:15:56 UTC (commit 6824)