Accepted otrs2 5.0.16-1+deb9u4 (source all) into proposed-updates->stable-new, proposed-updates
Format: 1.8
Date: Thu, 07 Dec 2017 13:51:47 +0100
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 5.0.16-1+deb9u4
Distribution: stretch-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs       - Open Ticket Request System (OTRS 5)
 otrs2      - Open Ticket Request System
Closes: 883774
Changes:
 otrs2 (5.0.16-1+deb9u4) stretch-security; urgency=high
 .
   * Add patch 19-CVE-2017-16921:
     This fixes OSA-2017-09, also known as CVE-2017-16921: An attacker who is
     logged into OTRS as an agent can manipulate form parameters and execute
     arbitrary shell commands with the permissions of the OTRS or web server
     user.
     Closes: #883774
   * Add patch 18-CVE-2017-16854:
     This fixes OSA-2017-08, also known as CVE-2017-16854: An attacker who is
     logged into OTRS as a customer can use the ticket search form to disclose
     internal article information of their customer tickets.
Checksums-Sha1:
Checksums-Sha256:
Files: