Accepted otrs2 3.3.18-1+deb8u1 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 06 Nov 2017 15:08:08 +0100
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.3.18-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
otrs - Open Ticket Request System (OTRS 3)
otrs2 - Open Ticket Request System
Closes: 767517 772287 876462
Changes:
otrs2 (3.3.18-1+deb8u1) jessie-security; urgency=high
.
* New upstream release.
- Refresh patches 03-backup, 04-opt, 05-database, 06-no-installer,
09-disable-DashboardProductNotify,
10-nice-packagemanager-permissions-message, 12-use-debian-libjs-packages,
13-load-debian-libjs, 14-font-paths and 15-dbupdate-as-root.
- This fixes OSA-2017-04, also known as CVE-2017-14635: An attacker who is
logged into OTRS as an agent with write permissions for statistics can
inject arbitrary code into the system. This can lead to serious problems
like privilege escalation, data loss, and denial of service.
Closes: #876462
.
otrs2 (3.3.11-1) experimental; urgency=low
.
* New upstream release.
- Fixes CVE-2014-9324, also known as OSA-2014-06.
- Refresh hunky patch 03-backup.
- Refresh hunky patch 07-dont-chown-links.
- Refresh hunky patch 10-nice-packagemanager-permissions-message.
- Refresh hunky patch 11-fix-SetPermissions-to-include-some-more-dirs.
* Watch again all releases.
* Do not install auto_build.sh.
Closes: #772287
* Merge 3.3.9-3 changelog.
.
otrs2 (3.3.10-1) experimental; urgency=low
.
* New upstream release.
- Refresh hunky patch 03-backup.
- non-free flash files have been removed.
- Remove an extra license file.
* Move database servers from recommends to suggest and add Postgres and MySQL
clients to recommends.
Closes: #767517
Checksums-Sha1:
a04254e17e91dca322d0ad7019b86d3c69844abc 1820 otrs2_3.3.18-1+deb8u1.dsc
7f45cf5336e9ce5d507a935241f042bdfdf85845 21067692 otrs2_3.3.18.orig.tar.bz2
815c7827d646406c29c321c9311a3141a31c0dff 39624 otrs2_3.3.18-1+deb8u1.debian.tar.xz
90f8d6efeb034cbe256f8c0da483cfd90382dc27 5644062 otrs2_3.3.18-1+deb8u1_all.deb
4efbbaa190282da9c7e17ffe473650dfa9a4a2bb 188306 otrs_3.3.18-1+deb8u1_all.deb
Checksums-Sha256:
31c34d7910e1748f409656275a7b8d298ad2415e445f870e90993af21658f9b1 1820 otrs2_3.3.18-1+deb8u1.dsc
9d6e4e44316c6812f35618be50d8951a0c2e0d917752610fada936c466bea453 21067692 otrs2_3.3.18.orig.tar.bz2
a9e7423f95a826e09db7224b9eae0169bfb7167a0b1b5f804def85dc33dd60fe 39624 otrs2_3.3.18-1+deb8u1.debian.tar.xz
a0d31800d752f1e20ac9d563b076d81c6c0f7252589d5ea9de9be12e1cfa3bdd 5644062 otrs2_3.3.18-1+deb8u1_all.deb
8167a4f4ac3702816c6f64afe73b80986c8332b22820726d61da1c06aa889d44 188306 otrs_3.3.18-1+deb8u1_all.deb
Files:
34e7ea72c1a4761acf0b9e07427e79b7 1820 web optional otrs2_3.3.18-1+deb8u1.dsc
b3375dfa09a2ec3c4cebc7ad74d55e0b 21067692 web optional otrs2_3.3.18.orig.tar.bz2
d9167d7a71268499efc2156c0aae1976 39624 web optional otrs2_3.3.18-1+deb8u1.debian.tar.xz
1bf9e651053e7051edd02b0d22f71d11 5644062 web optional otrs2_3.3.18-1+deb8u1_all.deb
f651a25f2b125a31d21faa8f6a71d84e 188306 web optional otrs_3.3.18-1+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAloAcc4ACgkQEtmwSpDL
2OQtjBAAjF8VtE9pzcZtx975IzSKL/eaffsP+EtGVjbn05CqqqNqAsN1Te/ZlbkD
cqXX/85bZAFCOBWy+Ni81znt0vedsVH+ndJ/j+qEE/uw6FP7jQWBLmAA2Fo3IiO3
rSUAHrR386jd7Hu8oqckKaoC667smenmb1O9we87+2szRhEKUQ6sX1KsiA2A+dyQ
460Q5CgeCwgLOgfOJl/ifG5WuhridrllofBClc054U2CZb/akD80zNoKsITJJ2wY
wzUoOIl7UrpuQ/JLcUPDtXoVgDQGf7Ded91TIC9TAjTphGsgAobDeZPXDMT1wTPL
Pdr/jvhr7va6L9AXYj6CEr/U/vXO0c5evVUa/xQnubj3zV8qE6voFfePblDD70XU
bPkt0CKM5VrEqP4z1nCioQ7At5cF8jw9xX75AW3ZjZf2k6EEG4F8VeN35wh24m5H
PD4bFvgISWXEPqqbJpYhKxpkyJweYxp1ynZWZhR36/gAM6gBMa9pptYSJKpwzJnT
iQ57ElYzeyvYUNbtVe6DG8Qcl17lkaZuy+eY4Fd9O8uh/B3LPrqu+5gA6SCdxB5q
xIRiLP63EK+mD0dpFhSF3vBLb2e+v14cMimBXvPKG7ucjQDEhjZx8m1r8NV3IV9k
Bg0G68HTCkrf1vngUsyWl1EvFgCiT2foSXH1eIoldfgg8SkOQvA=
=73wQ
-----END PGP SIGNATURE-----
Reply to: