https://bugzilla.redhat.com/show_bug.cgi?id=1200069 Bug ID: 1200069 Summary: CVE-2015-1464 rt: session hijaking flaw in RSS feed handler Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team@xxxxxxxxxx Reporter: mprpic@xxxxxxxxxx CC: perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, rc040203@xxxxxxxxxx, tibbs@xxxxxxxxxxx A session hijaking flaw was found in Request Tracker's (RT) processed RSS feed handler. A remote attacker could use an RSS feed URL to hijack a session of a different user. This flaw is fixed in 4.2.10: https://bestpractical.com/release-notes/rt/4.2.10 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=OgkfPMAZCR&a=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel
