{"id":"DEBIAN-CVE-2012-6578","details":"Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a \"Sign by default\" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.","modified":"2026-04-28T20:04:58.323921Z","published":"2013-07-24T12:01:45.083Z","upstream":["CVE-2012-6578"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2012-6578"}],"affected":[{"package":{"name":"request-tracker4","ecosystem":"Debian:11","purl":"pkg:deb/debian/request-tracker4?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.7-2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-6578.json"}},{"package":{"name":"request-tracker4","ecosystem":"Debian:12","purl":"pkg:deb/debian/request-tracker4?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.7-2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-6578.json"}}],"schema_version":"1.7.5"}