
[SECURITY] [DLA 787-1] otrs2 security update




Package        : otrs2
Version        : 3.1.7+dfsg1-8+deb7u6
CVE ID         : CVE-2016-9139
Debian Bug     : 843091


A cross-site scripting (XSS) vulnerability was discovered in OTRS, a
ticket requesting system for the web. An attacker could trick an
authenticated user into opening a malicious attachment which could
lead to the execution of JavaScript in the OTRS context.
This update addresses the vulnerability by setting a strict default
HTTP content security policy that forbids loading of third-party files.

For Debian 7 "Wheezy", these problems have been fixed in version
3.1.7+dfsg1-8+deb7u6.

We recommend that you upgrade your otrs2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


- -- 
Jonas Meurer

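A defender-side check of the mitigation the advisory describes, added here as an example and not taken from OTRS or the Debian package: it parses a Content-Security-Policy header value and reports fetch directives that still allow sources other than the serving origin. The function names and the sample header values are constructed for illustration; the advisory does not state the exact policy the update sets.

```python
# Added example: audit a Content-Security-Policy value for sources beyond 'self'.
# Directives listed here all fall back to default-src when they are absent.
FETCH_DIRECTIVES = ("script-src", "object-src", "style-src", "img-src",
                    "font-src", "connect-src", "media-src")

def parse_csp(header):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def external_sources(header):
    """Return {directive: [sources]} for each fetch directive that permits
    loading from somewhere other than the page's own origin."""
    if not header:
        # No policy at all: the browser restricts nothing.
        return {d: ["*"] for d in FETCH_DIRECTIVES}
    policy = parse_csp(header)
    findings = {}
    for directive in FETCH_DIRECTIVES:
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings[directive] = ["*"]  # neither directive nor default-src set
            continue
        # Quoted keywords ('self', 'none', nonces, hashes) name no remote host;
        # unquoted expressions are hosts, schemes or wildcards.
        loose = [s for s in sources if not s.startswith("'")]
        if loose:
            findings[directive] = loose
    return findings

# Constructed sample header values (not captured from an OTRS installation).
STRICT = "default-src 'self'; script-src 'self' 'unsafe-inline'"
LOOSE = "default-src 'self'; script-src 'self' https://cdn.example.net; img-src *"

if __name__ == "__main__":
    for name, value in (("strict", STRICT), ("loose", LOOSE), ("missing", "")):
        print(name, external_sources(value) or "only first-party sources")
```

Feed it the header value returned by the upgraded OTRS web interface; an empty result means no fetch directive admits third-party files.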

