Accepted otrs2 3.3.9-3+deb8u1 (source all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 07 Jun 2017 11:17:23 +0200
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.3.9-3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
otrs - Open Ticket Request System (OTRS 3)
otrs2 - Open Ticket Request System
Closes: 864319
Changes:
otrs2 (3.3.9-3+deb8u1) jessie-security; urgency=high
.
* Add patch 17-CVE-2017-9324:
This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with
agent permission is capable by opening a specific URL in a browser to
gain administrative privileges / full access. Afterward, all system
settings can be read and changed.
Closes: #864319
Checksums-Sha1:
9d73ea0fcd46c5b1059d3f99a4db6a1c71e765ec 1799 otrs2_3.3.9-3+deb8u1.dsc
f699a67446def027f044bb55425eaab8f124ed2a 20457443 otrs2_3.3.9.orig.tar.bz2
03aaf53adabcd728a7b2a283a803ac4384670ced 45292 otrs2_3.3.9-3+deb8u1.debian.tar.xz
666ab7678f685d09b8f119dbcbd1ecc3867d35ce 5666094 otrs2_3.3.9-3+deb8u1_all.deb
9c6ca6b8da1b4659451f6c9d0dd8ff5e8e93e2c4 184044 otrs_3.3.9-3+deb8u1_all.deb
Checksums-Sha256:
3a2a5d2ed5e5a3eb8e668f09741039a1c7dfe2d86f18ce7d672ed00a2f931f5a 1799 otrs2_3.3.9-3+deb8u1.dsc
feb22e5a760b17d8d856c9adb348d453996454eee8c5bfa66a54202e90ce3803 20457443 otrs2_3.3.9.orig.tar.bz2
2c12b687221ecaa9fa61da4f39d298696a9e57d14253614b42e440417e459cef 45292 otrs2_3.3.9-3+deb8u1.debian.tar.xz
0f14b1205db0c4e3575a55e0a1c62ed5b46c049a14f4c418f0671c912d366fe0 5666094 otrs2_3.3.9-3+deb8u1_all.deb
c02bb85a0c1a8acaf0ff025935e2b1b7dead61726c140371de1fde1c5bed960b 184044 otrs_3.3.9-3+deb8u1_all.deb
Files:
ec0135c212a0d13284721a7a1b291c16 1799 web optional otrs2_3.3.9-3+deb8u1.dsc
93f3139e573dce3d592719f3d1562ea7 20457443 web optional otrs2_3.3.9.orig.tar.bz2
24ecc2ee96dfce9e9df132fbacbfc0a0 45292 web optional otrs2_3.3.9-3+deb8u1.debian.tar.xz
13d608451e83901d3ff6eb28dee2e0b9 5666094 web optional otrs2_3.3.9-3+deb8u1_all.deb
e256cd2766acbe304865b00718a9921e 184044 web optional otrs_3.3.9-3+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJZOSrrAAoJEBLZsEqQy9jkLEYQAKfpL+43JHRaWOHHByp2bPsI
vcmXN192EtNeS7OMUrgHQwdMf++7F6PyUw+Y22chO7x2TUN2PMY9/YN8oYdCuHz2
rPHwsr9KegSLtZeZQOHX48fh470MV44vI2VDawVXpIjzx9l+xJuh5hApRzxjn8kh
3DxRvYidvSEAdE9ab1vR/HHmrii2uBdMldX8Zxi8yJ+Y/h2UQw+A3HNcdmunW5Ob
Sadxq226gUHBkHA0NAeVmY3PCw+KWTZnU3GugFDJCcoUoHxSkW0AQ6Cl/uYnFC8p
E1rluLAMOFNAL6WDbZLudQvo3wolk/3We44DBkFQ4uTsLHKea8Oygf/BofxbWJ3W
jJYavbV6BEHXg/UVaGvXLzuzmguNTxtTQrQy8IGhv31DpBWQJdvfmAwp/lECECiX
YOxbF4TVc9bgIIoufZ/cDLWZM6DxKsw+xVZjcwWP5MBLwVBGsFZTV7iYQfJpjmOI
VOiJNG/6oiaSCWTBotCKzZ9mcle0SP3F0mIPbPF39ZJTMEVDPpbDHtxoFNAwUnU2
2U4eyKU6wsn8tJP6fFbMwp1m5loXTIac9eSteLeGbunSrYEfLqPVBWa/oI3U1+5k
fUd5HdclY16ZFE2POUAMDtBUM9nYNy8tYqJH+/1uCLrrLgO7MFeU8GoihhqxEM6Z
/tJYWhhDIV+FzXKCi+sB
=UI1z
-----END PGP SIGNATURE-----
Reply to: