Debian Security Advisory
DSA-2568-1 rtfm -- privilege escalation
- Date Reported:
- 26 Oct 2012
- Affected Packages:
- rtfm
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-4731.
- More information:
-
It was discovered that RTFM, the FAQ manager for Request Tracker, allows authenticated users to create articles in any class.
For the stable distribution (squeeze), this problem has been fixed in version 2.4.2-4+squeeze2.
We recommend that you upgrade your rtfm packages.