Accepted otrs2 6.0.20-1~bpo10+1 (source all) into buster-backports, buster-backports



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 29 Jul 2019 10:50:51 +0200
Source: otrs2
Binary: otrs otrs2
Architecture: source all
Version: 6.0.20-1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs       - Open Ticket Request System (OTRS 6)
 otrs2      - Open Ticket Request System
Changes:
 otrs2 (6.0.20-1~bpo10+1) buster-backports; urgency=medium
 .
   * Rebuild for buster-backports.
 .
 otrs2 (6.0.20-1) unstable; urgency=medium
 .
   * New upstream release.
   * Bump Standards-Version to 4.4.0.
 .
 otrs2 (6.0.19-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fixes OSA-2019-08, also known as CVE-2019-12248: An attacker could send a
       malicious email to an OTRS system. If a logged in agent user quotes it,
       the email could cause the browser to load external image resources.
     - Fixes OSA-2019-09, also known as CVE-2019-12497: In the customer or
       external frontend, personal information of agents can be disclosed like
       name and mail address in external notes.
   * Merge 6.0.16-2 changelog.
 .
 otrs2 (6.0.18-1) unstable; urgency=high
 .
   * New upstream release.
     - Fixes OSA-2019-06, also known as CVE-2019-10066: An attacker who is logged
       into OTRS as an agent with appropriate permissions may create a carefully
       crafted calendar appointment in order to cause execution of JavaScript in
       the context of OTRS.
     - Fixes OSA-2019-05, also known as CVE-2019-10067: An attacker who is logged
       into OTRS as an agent user with appropriate permissions may manipulate the
       URL to cause execution of JavaScript in the context of OTRS.
     - Fixes OSA-2019-04, also known as CVE-2019-9892: An attacker who is logged
       into OTRS as an agent user with appropriate permissions may try to import
       carefully crafted Report Statistics XML that will result in reading of
       arbitrary files of OTRS filesystem.
 .
 otrs2 (6.0.17-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fixes OSA-2019-02: An attacker who is logged into OTRS as an admin user
       may manipulate the URL to cause execution of JavaScript in the context
       of OTRS.
Files:
 b1061d918a088147ba6d0b105a1fe2b2 1843 non-free/web optional otrs2_6.0.20-1~bpo10+1.dsc
 74c49090211dc1155e9bfc84b1726f3f 25562981 non-free/web optional otrs2_6.0.20.orig.tar.bz2
 af9d8ce3f7069e9c9307caefa949b378 30004 non-free/web optional otrs2_6.0.20-1~bpo10+1.debian.tar.xz
 5f06bdabc17353409b0d60ca71865a89 9765328 non-free/web optional otrs2_6.0.20-1~bpo10+1_all.deb
 f78a76e3241e8fec17067d1284f96d78 5490 non-free/web optional otrs2_6.0.20-1~bpo10+1_amd64.buildinfo
 aafad697b5abcf909276c25c06329723 251616 non-free/web optional otrs_6.0.20-1~bpo10+1_all.deb

-----BEGIN PGP SIGNATURE-----
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=zxdD
-----END PGP SIGNATURE-----