Candidate: CVE-2013-3525
PublicDate: 2013-05-10 21:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3525
 http://blog.bestpractical.com/2013/04/on-our-security-policies.html
 http://xforce.iss.net/xforce/xfdb/83375
 http://packetstormsecurity.com/files/121245/RT-Request-Tracker-4.0.10-SQL-Injection.html
 http://osvdb.org/92265
 http://cxsecurity.com/issue/WLB-2013040083
Description:
 ** DISPUTED ** SQL injection vulnerability in Approvals/ in Request
 Tracker (RT) 4.0.10 and earlier allows remote attackers to execute
 arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor
 disputes this issue, stating "We were unable to replicate it, and the
 individual that reported it retracted their report," and "we had verified
 that the claimed exploit did not function according to the author's
 claims."
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_request-tracker3.8:
upstream_request-tracker3.8: needs-triage
lucid_request-tracker3.8: ignored (reached end-of-life)
precise_request-tracker3.8: ignored (reached end-of-life)
precise/esm_request-tracker3.8: DNE (precise was needs-triage)
quantal_request-tracker3.8: DNE
raring_request-tracker3.8: DNE
saucy_request-tracker3.8: DNE
trusty_request-tracker3.8: DNE
trusty/esm_request-tracker3.8: DNE
utopic_request-tracker3.8: DNE
vivid_request-tracker3.8: DNE
vivid/stable-phone-overlay_request-tracker3.8: DNE
vivid/ubuntu-core_request-tracker3.8: DNE
wily_request-tracker3.8: DNE
xenial_request-tracker3.8: DNE
yakkety_request-tracker3.8: DNE
zesty_request-tracker3.8: DNE
devel_request-tracker3.8: DNE

Patches_request-tracker4:
upstream_request-tracker4: released (4.0.12-1)
lucid_request-tracker4: DNE
precise_request-tracker4: ignored (reached end-of-life)
precise/esm_request-tracker4: DNE (precise was needed)
quantal_request-tracker4: ignored (reached end-of-life)
raring_request-tracker4: ignored (reached end-of-life)
saucy_request-tracker4: not-affected (4.0.13-1)
trusty_request-tracker4: not-affected (4.0.19-1)
trusty/esm_request-tracker4: DNE (trusty was not-affected [4.0.19-1])
utopic_request-tracker4: not-affected (4.0.19-1)
vivid_request-tracker4: not-affected (4.0.19-1)
vivid/stable-phone-overlay_request-tracker4: DNE
vivid/ubuntu-core_request-tracker4: DNE
wily_request-tracker4: not-affected (4.0.19-1)
xenial_request-tracker4: not-affected (4.0.19-1)
yakkety_request-tracker4: not-affected (4.0.19-1)
zesty_request-tracker4: not-affected (4.0.19-1)
devel_request-tracker4: not-affected (4.0.19-1)