Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queues address.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Request_tracker | Bestpractical | 3.8.3 (including) | 3.8.3 (including) |
| Request_tracker | Bestpractical | 3.8.4 (including) | 3.8.4 (including) |
| Request_tracker | Bestpractical | 3.8.7 (including) | 3.8.7 (including) |
| Request_tracker | Bestpractical | 3.8.9 (including) | 3.8.9 (including) |
| Request_tracker | Bestpractical | 3.8.10 (including) | 3.8.10 (including) |
| Request_tracker | Bestpractical | 3.8.11 (including) | 3.8.11 (including) |
| Request_tracker | Bestpractical | 3.8.12 (including) | 3.8.12 (including) |
| Request_tracker | Bestpractical | 3.8.13 (including) | 3.8.13 (including) |
| Request_tracker | Bestpractical | 3.8.14 (including) | 3.8.14 (including) |
| Request-tracker3.8 | Ubuntu | lucid | * |
| Request-tracker3.8 | Ubuntu | precise | * |
| Request-tracker3.8 | Ubuntu | upstream | * |
| Request-tracker4 | Ubuntu | precise | * |
| Request-tracker4 | Ubuntu | quantal | * |
| Request-tracker4 | Ubuntu | raring | * |
| Request-tracker4 | Ubuntu | upstream | * |