Candidate: CVE-2017-5944
PublicDate: 2017-07-03 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5944
Description:
 The dashboard subscription interface in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 might allow remote authenticated users with certain privileges to execute arbitrary code via a crafted saved search name.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_request-tracker4:
upstream_request-tracker4: released (4.4.1-4)
precise/esm_request-tracker4: DNE
trusty_request-tracker4: ignored (reached end-of-life)
trusty/esm_request-tracker4: DNE (trusty was needed)
vivid/ubuntu-core_request-tracker4: DNE
xenial_request-tracker4: ignored (end of standard support, was needed)
yakkety_request-tracker4: ignored (reached end-of-life)
zesty_request-tracker4: released (4.4.1-3+deb9u2build0.17.04.1)
artful_request-tracker4: not-affected (4.4.1-4)
bionic_request-tracker4: not-affected (4.4.1-4)
cosmic_request-tracker4: not-affected (4.4.1-4)
disco_request-tracker4: not-affected (4.4.1-4)
eoan_request-tracker4: not-affected (4.4.1-4)
focal_request-tracker4: not-affected (4.4.1-4)
groovy_request-tracker4: not-affected (4.4.1-4)
hirsute_request-tracker4: not-affected (4.4.1-4)
impish_request-tracker4: not-affected (4.4.1-4)
jammy_request-tracker4: not-affected (4.4.1-4)
devel_request-tracker4: not-affected (4.4.1-4)