Subject: CVS commit: pkgsrc/devel/rt4
From: Ryo ONODERA
Date: 2016-01-31 00:54:20
Message id: 20160130235420.83980FBB7@cvs.NetBSD.org
Log Message:
Update to 4.2.12

Changelog:
This release is a security release which addresses the following
vulnerabilities:

RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via
the user and group rights management pages.  This vulnerability is assigned
CVE-2015-5475.  It was discovered and reported by Marcin Kopeć at Data \ 
Reliance
Shared Service Center.

RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack
via the cryptography interface.  This vulnerability could allow an attacker
with a carefully-crafted key to inject JavaScript into RT's user interface.
Installations which use neither GnuPG nor S/MIME are unaffected.
Files:
RevisionActionfile
1.2modifypkgsrc/devel/rt4/INSTALL
1.4modifypkgsrc/devel/rt4/MESSAGE
1.22modifypkgsrc/devel/rt4/Makefile
1.10modifypkgsrc/devel/rt4/PLIST
1.13modifypkgsrc/devel/rt4/distinfo