Debian Security Advisory

DSA-2568-1 rtfm -- privilege escalation

Date Reported:
26 Oct 2012
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2012-4731.
More information:

It was discovered that RTFM, the FAQ manager for Request Tracker, allows authenticated users to create articles in any class.

For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-4+squeeze2.

We recommend that you upgrade your rtfm packages.