Accepted otrs2 3.3.18-1+deb8u3 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted otrs2 3.3.18-1+deb8u3 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
From: Patrick Matthäi <pmatthaei@debian.org>
Date: Mon, 25 Dec 2017 10:33:36 +0000
Message-id: <[🔎] E1eTQ4e-0008Cw-LE@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 13 Dec 2017 13:11:19 +0100
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.3.18-1+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs       - Open Ticket Request System (OTRS 3)
 otrs2      - Open Ticket Request System
Closes: 883774
Changes:
 otrs2 (3.3.18-1+deb8u3) jessie-security; urgency=high
 .
   * Add patch 18-OSA-2017-08:
     This fixes OSA-2017-08, also known as CVE-2017-16854: An attacker who is
     logged into OTRS as a customer can use the ticket search form to disclose
     internal article information of their customer tickets.
   * Add patch 19-OSA-2017-09:
     This fixes OSA-2017-09, also known as CVE-2017-16921: An attacker who is
     logged into OTRS as an agent can manipulate form parameters and execute
     arbitrary shell commands with the permissions of the OTRS or web server
     user.
     Closes: #883774
Checksums-Sha1:
 adfb032f863a63dc2fddd8e5d5ee4c0de50c48e6 1820 otrs2_3.3.18-1+deb8u3.dsc
 586934b555250a8387b8ca018aa17c266436640c 42492 otrs2_3.3.18-1+deb8u3.debian.tar.xz
 ee2fb3ced7b2c6d6814c690be596a1c41b964198 5644830 otrs2_3.3.18-1+deb8u3_all.deb
 5e1d318549841427a87c3d7815dcc2823fb2df27 188570 otrs_3.3.18-1+deb8u3_all.deb
Checksums-Sha256:
 379e01840e1e2acfb27e6443e4099f8f7726daa51c267280c43d691f23a52e5a 1820 otrs2_3.3.18-1+deb8u3.dsc
 9c7b081847769995b0559dbe8272fbfde79cb19a9104efccd42ba801b799da36 42492 otrs2_3.3.18-1+deb8u3.debian.tar.xz
 6bdaf1f9a3cec91078467ab427174665051b343b685a87d8519b2088eccbaac3 5644830 otrs2_3.3.18-1+deb8u3_all.deb
 274b1f11de7aa85ff9532d29116ba8a6cfe68c73a61c9919eb7c2cf1a7a249f8 188570 otrs_3.3.18-1+deb8u3_all.deb
Files:
 12d2f41d20c75f9f926f2d32cbbbd1de 1820 web optional otrs2_3.3.18-1+deb8u3.dsc
 84e756a3bd4460d36e2fd1127b67f158 42492 web optional otrs2_3.3.18-1+deb8u3.debian.tar.xz
 7fd68cc52ca3596e6ee96f170abfcd48 5644830 web optional otrs2_3.3.18-1+deb8u3_all.deb
 b5b08d40514e59f2f747f514dd6de725 188570 web optional otrs_3.3.18-1+deb8u3_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAloyM+gACgkQEtmwSpDL
2OQX9w//Z+ZnXHqzSB35xWHvtrFzbOOnLYjCxbfH/2UMto3eYPtT+rAzTkBfcNVz
WiJZQKw96mmbYb1mvZIhwLG5puL+0tm2n1//xTj0UWszPNhrZXX+brIZmUu+NYle
aTm9Nij5BqHzsTUL3GcxQ4yElzcW/iXYccAJs2NIQDsXDcnl7+xzg9GvUhZIL87Q
3zVqe0cdHuBffz2aYU+3gQRYeF8XYR6d7lYmJHwelzKchhPep1XCEZ/HZ96/QUgC
/x3Ma4uPRr5Bl92FDw+upikIl+BYrrhDhjlNhf/zuvixdLsnbJQ3vv5YT0khnP3m
fsW1wCQGnD6fKAPmqpHaxguLaEM42IfeYsd96NfgVTQtaefIP+9e2dttwRpLBOng
ruCOrJkKFXUJMRqmRgdf6V/1v7qmbdawOHVYwZT43gq+7C0pq+7KIkdZ4PBc0hFI
mFHaVCaEiA41mcG6EmEJtKqCJlMytgSb01QeAaKcd/IH1YUqBI0HhbkYF2nvEvtg
xM3nAj5sFi7/Q8Bz5/Mmj4MQeDmSjFTzJw89mPVqDNruyF2G9M9PZWqzknigNVUr
Xqmrlp6pL7Tpc1cZGO6Vo8zd4mubO1mS4uoZq8lHlCHa414OEI6OVuDAE0sTu5Bh
rRwMk7o00Am023pCyWMT9VkIwc5cQtGpcNcDL5wp0ymtHSHOPAw=
=EJTS
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted openafs 1.6.9-2+deb8u6 (all source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Next by Date: Accepted otrs2 3.3.18-1+deb8u4 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Previous by thread: Accepted openafs 1.6.9-2+deb8u6 (all source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Next by thread: Accepted otrs2 3.3.18-1+deb8u4 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Index(es):
- Date
- Thread