[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted otrs2 6.0.18-1 (source all) into unstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 26 Apr 2019 11:00:38 +0200
Source: otrs2
Binary: otrs otrs2
Architecture: source all
Version: 6.0.18-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs       - Open Ticket Request System (OTRS 6)
 otrs2      - Open Ticket Request System
Changes:
 otrs2 (6.0.18-1) unstable; urgency=high
 .
   * New upstream release.
     - Fixes OSA-2019-06, also known as CVE-2019-10066: An attacker who is logged
       into OTRS as an agent with appropriate permissions may create a carefully
       crafted calendar appointment in order to cause execution of JavaScript in
       the context of OTRS.
     - Fixes OSA-2019-05, also known as CVE-2019-10067: An attacker who is logged
       into OTRS as an agent user with appropriate permissions may manipulate the
       URL to cause execution of JavaScript in the context of OTRS.
     - Fixes OSA-2019-04, also known as CVE-2019-9892: An attacker who is logged
       into OTRS as an agent user with appropriate permissions may try to import
       carefully crafted Report Statistics XML that will result in reading of
       arbitrary files of OTRS filesystem.
Checksums-Sha1:
 c3c8a3768874661b4a6a861f31f474e7cd89da0e 1811 otrs2_6.0.18-1.dsc
 ea079fe0fcd22f156e24ea243f4b31898daefdfc 25086176 otrs2_6.0.18.orig.tar.bz2
 928799b90fb62ba99b8b76884bcced91e08b223e 29768 otrs2_6.0.18-1.debian.tar.xz
 59102d881df5a9013cb8ae5faebc80999a75e9ce 9712764 otrs2_6.0.18-1_all.deb
 62fcbf9558197e9d6b4e9027dacf0513a4d1b1d5 6244 otrs2_6.0.18-1_amd64.buildinfo
 69ba4a9a66015aad0d92bb0408c7057d7c1fb115 248736 otrs_6.0.18-1_all.deb
Checksums-Sha256:
 8b93217debd6f1727a7a0744fe3a7e819e5ca9f8501e01a37b2e6b88c1f34e86 1811 otrs2_6.0.18-1.dsc
 278b791fdbcc25dcf2bf8de3f81a5b8b72ba16f08eb5a28b69a24604ad999f6b 25086176 otrs2_6.0.18.orig.tar.bz2
 156bd880d84c795999c45b6f94475c944985b9ae1ceff39b762fa6012412ad52 29768 otrs2_6.0.18-1.debian.tar.xz
 1d8095d355cc17ca21b2fba63e9e21ea6f007c1b8c634a6e2a1e33669fc9c57c 9712764 otrs2_6.0.18-1_all.deb
 7dc3b16d58510cab414d08124b354fba0efb5f5e9edd646e10661a705e9187a2 6244 otrs2_6.0.18-1_amd64.buildinfo
 a53be8479e52e1d66509d563c45821bb104ab082e5158dab8ae7ceff02eb7fa7 248736 otrs_6.0.18-1_all.deb
Files:
 a346b40a32f338a43c083390b66e2179 1811 non-free/web optional otrs2_6.0.18-1.dsc
 3d17ba6f0f5dbaa00d438036be93cefe 25086176 non-free/web optional otrs2_6.0.18.orig.tar.bz2
 a1c5cb97d15b87272111a4229391d48c 29768 non-free/web optional otrs2_6.0.18-1.debian.tar.xz
 132d36406466995144b11577a435fa78 9712764 non-free/web optional otrs2_6.0.18-1_all.deb
 4470799f46a3062969b23fb017f6e850 6244 non-free/web optional otrs2_6.0.18-1_amd64.buildinfo
 197b5b3cc2b6f7b85ee1e9949058447b 248736 non-free/web optional otrs_6.0.18-1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAlzC1q0ACgkQEtmwSpDL
2OTUww/+OyxCD7dUAM8rDcN4kP5+jjh19XtGpVJZcUXX7S4wN2drwEhVS578iShJ
Iroe6d5i5DwgqG1fgEg7abHiBE2XC6X5rsGkTQ2aX3TGxYYHB3sGO7WviBovZM6p
GXwwFJ17BlOkjJTzl3zKGyE/acMKCRuhmPMqxc1hWY6jaz+TG+PddpT9FCm+22V5
hubJkrenic47gWy09rFMtsKCzj3hxRo54IXMJpi2USZpKG0F/PEvOVdfD+U19gWd
kZU0H0uDIUpJsTKkYKKAJF2JL93g5S8SxkWJ32gixxtKhUNQ7Sg5orrvvErj5CFr
hThzZk+9uLeT2fsiB/ILGM0KZwpePP/qdExSi8hAU8tonO3PKbR7K1nDtSGXDkAA
ta36BlYiZeMVqvTfMBs/cwlyHyluDvDxMYq0NLoK4vxzXXETSzLp7eK00siOuziP
eCQ+sM9v55GFvs+TQkfumSNiYlisMmAiopdaW4jSRfERZ89LK9TjaZn/21aGDvg2
qW8g359NL7xdE3MJyvIARByQ8JN3H/pesZc3C2zOQXzkrDRg2pdPYIi5T0phFuB8
L00K33hBd6vesTRKtzBIQpwoqWDlNLzt1+Jqt/XAjEI9+S36XF2yjs95aYCQ8drs
d5nwZgdVo0RZMoPIkIfWu3pqHT6WeZ510/vaB7iuZluBUcJRwMk=
=pfIQ
-----END PGP SIGNATURE-----
Reply to: