Candidate: CVE-2015-6506
PublicDate: 2015-09-03 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6506
 http://www.openwall.com/lists/oss-security/2015/08/13/8
Description:
 Cross-site scripting (XSS) vulnerability in the cryptography interface in
 Request Tracker (RT) before 4.2.12 allows remote attackers to inject
 arbitrary web script or HTML via a crafted public key.
Ubuntu-Description:
Notes:
 tyhicks> RT 4.2.0 and above are affected up to 4.0.24, 4.2.12.
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_request-tracker3.8:
upstream_request-tracker3.8: needs-triage
precise_request-tracker3.8: not-affected
trusty_request-tracker3.8: DNE
trusty/esm_request-tracker3.8: DNE
vivid_request-tracker3.8: DNE
devel_request-tracker3.8: DNE

Patches_request-tracker4:
 upstream: https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d1c7767d8484c4
upstream_request-tracker4: released (4.2.11-2)
precise_request-tracker4: not-affected
trusty_request-tracker4: not-affected (4.0.19-1)
trusty/esm_request-tracker4: DNE (trusty was not-affected [4.0.19-1])
vivid_request-tracker4: released (4.2.8-3+deb8u1build0.15.04.1)
devel_request-tracker4: not-affected (4.2.11-2)