Accepted otrs2 2.4.9+dfsg1-3+squeeze5 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 20 Feb 2014 13:33:07 +0100
Source: otrs2
Binary: otrs2
Architecture: source all
Version: 2.4.9+dfsg1-3+squeeze5
Distribution: oldstable-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
otrs2 - Open Ticket Request System
Changes:
otrs2 (2.4.9+dfsg1-3+squeeze5) oldstable-security; urgency=high
.
* Add patch 23-security-osa-2014-01 which fixes CVE-2014-1694, also known as
OSA-2014-01:
An attacker that managed to take over the session of a logged in customer
could create tickets and/or send follow-ups to existing tickets due to
missing challenge token checks.
* Add patch 24-security-osa-2014-02 which fixes CVE-2014-1471, also known as
OSA-2014-02:
An attacker with a valid customer or agent login could inject SQL in
the ticket search URL.
Checksums-Sha1:
97d4d343816af6793f8b957b1fc69a2107f95933 1750 otrs2_2.4.9+dfsg1-3+squeeze5.dsc
0417ece1dc5de59d6890f1250942324aa5be94c0 39184 otrs2_2.4.9+dfsg1-3+squeeze5.debian.tar.gz
ca92b509f7f059b4e9e2fda452802491e9c493aa 4094726 otrs2_2.4.9+dfsg1-3+squeeze5_all.deb
Checksums-Sha256:
38f5f84981479e9ca55a7bf5bc6a9546a97ba304767873d51d3acc080539cdf8 1750 otrs2_2.4.9+dfsg1-3+squeeze5.dsc
67ccb3d9115f34ece287a483b68496b04cd916fefe9b5f50e31622b09bd11b47 39184 otrs2_2.4.9+dfsg1-3+squeeze5.debian.tar.gz
6ef39977e73c06eced870cc1e10a3169a2738aaee31897483168ed8e794252d7 4094726 otrs2_2.4.9+dfsg1-3+squeeze5_all.deb
Files:
2ad979bfd6182c2bdc5886416ac660db 1750 web optional otrs2_2.4.9+dfsg1-3+squeeze5.dsc
a9a90da1b823c1657509ad9d03f8b0b6 39184 web optional otrs2_2.4.9+dfsg1-3+squeeze5.debian.tar.gz
abc43c07e5ed8d2212e9d810752e5290 4094726 web optional otrs2_2.4.9+dfsg1-3+squeeze5_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJTB53QAAoJEBLZsEqQy9jkrA8P/Rxu5rmN87JTvh3gPqea15nW
Utw6xmfts4Lp69udeB5IRKVt680CZ4hnJes4XXPW0pPRUUjHykFukTDC3RcyHQnH
LGUh1gnf7hDyqTh3ZMFT8EqyzLasQAu4wDwuLAlmz/8Nnzc1kRW+GPjEWQgadURj
Zf2hH2iAWbuQmQIUB+c2PpZbp2TxVO+OtsMLnSO7o8tE/ub36TfQt/KxlWGd7t9y
L/G/YGN4vEDL/h/bjari8+PPZC6YZDbMg7BfR+YlvOT0sUDniM9VLXT2qpJnjzyr
ZnBvqlpHWkQgJm1+2xZq9hDlImsiAxb3UrID83FXVgLw4TOSN21RTaxPtgd22t13
rTeM11Xt725vakYG9Og4TeEWVhD9IcKKEPYXPG1A1uRYikBN4HtuCSe0Z6Ylvk+P
PFB+Yg6s2Luu/QI1aHfs74vX/Spqe+b+RYRZCPX00tm5uol8Be4BeGLxMSlxdYVl
tlE18svbfzfHqvJxlaPRAaVG1Rm9+lIe7isI9TGRvwk95BM5/B1q5iHkUdFohVy0
KWBCBa7KFcLfYQjVvIjnzAbgAcFUVvRSP99GWdLJJCXLnBPharopxYedUElJkhka
Rqobb9Ufq6Xip6Kx0bD6WflfI82KDFDudJrF0Mfbi+Cu7+Wgrr5JHuHgQuaYYLqi
eonZNn/ZVzxkmMD1f1l9
=7TxN
-----END PGP SIGNATURE-----
Reply to: