|From the Debian advisory:
Authenticated users can add arbitrary headers or content to
mail generated by RT.
A CSRF vulnerability may allow attackers to toggle ticket
CVE-2012-4734: If users follow a crafted URI and log in to RT, they may trigger actions which would ordinarily blocked by the CSRF prevention logic.
CVE-2012-4735: Several different vulnerabilities in GnuPG processing allow attackers to cause RT to improperly sign outgoing email.
CVE-2012-4884: If GnuPG support is enabled, authenticated users attackers can create arbitrary files as the web server user, which may enable arbitrary code execution.