Candidate: CVE-2015-5475
PublicDate: 2015-08-14 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5475
 https://github.com/bestpractical/rt/commit/67d517ba3421ba462e349c73207a627d137ef8ac (4.2.x)
 https://github.com/bestpractical/rt/commit/4ec786bb4743f67a35a634c1bf43b13d3d3b39a9 (4.0.x)
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT)
 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or
 HTML via vectors related to the (1) user and (2) group rights management
 pages.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_request-tracker3.8:
upstream_request-tracker3.8: needs-triage
precise_request-tracker3.8: ignored (reached end-of-life)
precise/esm_request-tracker3.8: DNE (precise was needed)
trusty_request-tracker3.8: DNE
trusty/esm_request-tracker3.8: DNE
vivid_request-tracker3.8: DNE
vivid/stable-phone-overlay_request-tracker3.8: DNE
vivid/ubuntu-core_request-tracker3.8: DNE
wily_request-tracker3.8: DNE
xenial_request-tracker3.8: DNE
yakkety_request-tracker3.8: DNE
zesty_request-tracker3.8: DNE
artful_request-tracker3.8: DNE
bionic_request-tracker3.8: DNE
cosmic_request-tracker3.8: DNE
disco_request-tracker3.8: DNE
devel_request-tracker3.8: DNE

Patches_request-tracker4:
upstream_request-tracker4: released (4.2.11-2)
precise_request-tracker4: ignored (reached end-of-life)
precise/esm_request-tracker4: DNE (precise was needed)
trusty_request-tracker4: ignored (reached end-of-life)
trusty/esm_request-tracker4: DNE (trusty was needed)
vivid_request-tracker4: released (4.2.8-3+deb8u1build0.15.04.1)
vivid/stable-phone-overlay_request-tracker4: DNE
vivid/ubuntu-core_request-tracker4: DNE
wily_request-tracker4: not-affected (4.2.11-2)
xenial_request-tracker4: not-affected (4.2.11-2)
yakkety_request-tracker4: not-affected (4.2.11-2)
zesty_request-tracker4: not-affected (4.2.11-2)
artful_request-tracker4: not-affected (4.2.11-2)
bionic_request-tracker4: not-affected (4.2.11-2)
cosmic_request-tracker4: not-affected (4.2.11-2)
disco_request-tracker4: not-affected (4.2.11-2)
devel_request-tracker4: not-affected (4.2.11-2)