[Rt-commit] rtfm branch, 2.4.5-releng, created. 2.4.4-4-gea14d03
Kevin Falcone
falcone at bestpractical.com
Thu Oct 25 19:13:20 EDT 2012
The branch, 2.4.5-releng has been created
at ea14d03069d53f5ab82c0567921cae8b2377d267 (commit)
- Log -----------------------------------------------------------------
commit 9a5b2eba39c542fd76374f22e0ca59b11f6e1aac
Author: Thomas Sibley <trs at bestpractical.com>
Date: Fri Aug 24 11:31:26 2012 -0700
Load the Class as the current user when creating Articles
We use the loaded class to check the CreateArticle right, which is
always true for the system user. This enabled any privileged user to
create articles in any class that existed given a crafted URL. Only the
core article fields were usable (Name, Summary, Class), since custom
fields are protected by independent rights.
Resolves CVE-2012-4731.
Backported from rt.git:72ee404.
diff --git a/lib/RT/FM/Article_Overlay.pm b/lib/RT/FM/Article_Overlay.pm
index 316850a..de832d9 100644
--- a/lib/RT/FM/Article_Overlay.pm
+++ b/lib/RT/FM/Article_Overlay.pm
@@ -98,7 +98,7 @@ sub Create {
@_
);
- my $class = RT::FM::Class->new($RT::SystemUser);
+ my $class = RT::FM::Class->new( $self->CurrentUser );
$class->Load( $args{'Class'} );
unless ( $class->Id ) {
return ( 0, $self->loc('Invalid Class') );
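Review bot: the fix relies on `$class->Load` failing (or the later CreateArticle check failing) once the class is instantiated as `$self->CurrentUser` instead of `$RT::SystemUser`, who holds every right; that is correct for the lines shown, but please confirm that nothing further down in `Create` re-loads or re-fetches the class as the system user, otherwise the right check described in the commit message would still be evaluated against a user for whom it is always true. A regression test belongs with this change: a privileged user who lacks CreateArticle on an existing class should get a failure from `RT::FM::Article->Create` (the `'Invalid Class'` branch or a permission error) rather than a new article. Side note: a class the user cannot see now returns the same `'Invalid Class'` message as a nonexistent id, which avoids leaking which class ids exist.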
commit 9f79474dda3946eb7b644c31aadb0de8622cf0a9
Merge: 73f1883 9a5b2eb
Author: Kevin Falcone <falcone at bestpractical.com>
Date: Thu Oct 25 19:12:11 2012 -0400
Merge branch 'security/rtfm/create-article' into 2.4.5-releng
commit ea14d03069d53f5ab82c0567921cae8b2377d267
Author: Kevin Falcone <falcone at bestpractical.com>
Date: Thu Oct 25 19:12:48 2012 -0400
Bump version and update changelog for 2.4.5
diff --git a/.gitignore b/.gitignore
index b0378e2..98d3b11 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ blib
pm_to_blib
t/tmp
*.swp
+MYMETA.*
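Review bot: the `MYMETA.*` ignore entry is unrelated to the version bump and changelog update this commit announces; it would be cleaner as a separate housekeeping commit so the release commit (and anything cherry-picking it) carries only release changes.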
diff --git a/Changelog b/Changelog
index 015f53e..599a906 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,10 @@
+2.4.5
+
+SECURITY
+========
+* Close a vulnerability that allowed users to create Articles in any Class.
+ This resolves CVE-2012-4731.
+
2.4.4
SECURITY
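Review bot: the new entry says "allowed users to create Articles in any Class", while the commit message for 9a5b2eb scopes the issue to privileged users supplying a crafted URL and to the core fields (Name, Summary, Class) only; stating "privileged users" here, and perhaps the field scope, would keep the changelog consistent with the commit and the advisory. Also check that the indentation of the continuation line "This resolves CVE-2012-4731." matches how multi-line entries are written elsewhere in this file.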
diff --git a/lib/RT/FM.pm b/lib/RT/FM.pm
index bd50a63..e20a0da 100644
--- a/lib/RT/FM.pm
+++ b/lib/RT/FM.pm
@@ -51,7 +51,7 @@ use 5.008003;
use strict;
use warnings;
-our $VERSION = '2.4.HEAD';
+our $VERSION = '2.4.5';
# Create a system object for RTFM
use RT::FM::System;
-----------------------------------------------------------------------