Re: Re: CVE Request -- rt3 -- two issues: 1) Improper management of form data resubmittion upon user log out 2) SQL queries information leak by user account transition

[Vincent Danen <vdanen () redhat com>]

* [2011-02-24 18:02:06 +0100] Ralf Corsepius wrote:

> On 02/24/2011 05:45 PM, Vincent Danen wrote:
> > * [2011-02-23 14:06:58 -0500] Josh Bressers wrote:
> >
> > > > Is Redhat packaging RT now, or are you just handling the CVEs?
> > >
> > > I'm not aware of Red Hat packaging RT. I'm just assign CVE ids to
> > > public issues.
> Folks, my feel is you all are picking on words and details.

It is possible that Josh didn't realize it was packaged in Fedora and
EPEL (we do package quite a few things).

> > RT3 is packaged in Fedora and EPEL.
> Correct. rt3 is community maintained in Fedora and RHEL. I am doing 
> so for Fedora and other people do for RHEL.
> So, strictly speaking it's not "Red Hat packaged", but 
> community-contributed to "Red Hat owned products" (Fedora rsp. Fedora 
> EPEL) and some folks @RH are filing CVS against it, for reasons I 
> don't know.

I'm not sure what you mean by that last statement (filing CVS against
it).  Do you mean filing bugs?

--
Vincent Danen / Red Hat Security Response Team