FreeBSD Ports: rt40

The remote host is missing an update to the system as announced in the referenced advisory.

The following packages are affected: rt40 rt38 CVE-2012-4730 Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. CVE-2012-4731 FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors. CVE-2012-4732 Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks. CVE-2012-4734 Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a 'confused deputy' attack to bypass the CSRF warning protection mechanism and cause victims to 'modify arbitrary state' via unknown vectors related to a crafted link. CVE-2012-4884 Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.

Update your system with the appropriate patches or software upgrades.