Candidate: CVE-2011-1685
PublicDate: 2011-04-22 10:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1685
Description:
 Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through
 4.0.0rc7, when the CustomFieldValuesSources (aka external custom field)
 option is enabled, allows remote authenticated users to execute arbitrary
 code via unspecified vectors, as demonstrated by a cross-site request
 forgery (CSRF) attack.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_request-tracker3.8:
upstream_request-tracker3.8: released (3.8.10)
dapper_request-tracker3.8: DNE
hardy_request-tracker3.8: DNE
karmic_request-tracker3.8: ignored (reached end-of-life)
lucid_request-tracker3.8: released (3.8.7-1ubuntu2.2)
maverick_request-tracker3.8: released (3.8.8-4ubuntu0.1)
natty_request-tracker3.8: released (3.8.10-1)
oneiric_request-tracker3.8: not-affected
devel_request-tracker3.8: not-affected