[SECURITY] [DLA 2118-1] otrs2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2118-1] otrs2 security update
From: Sylvain Beucler <beuc@beuc.net>
Date: Mon, 24 Feb 2020 18:03:32 +0100
Message-id: <[🔎] 20200224170332.2g7zh5rqoil66vpx@mail.beuc.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : otrs2
Version        : 3.3.18-1+deb8u14
CVE ID         : CVE-2019-11358
Debian Bug     : 927385


It was discovered that the jQuery version embedded in OTRS, a ticket
request system, was prone to a cross site scripting vulnerability in
jQuery.extend().

For Debian 8 "Jessie", this problem has been fixed in version
3.3.18-1+deb8u14.

We recommend that you upgrade your otrs2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl5T/MsACgkQj/HLbo2J
BZ865gf/VttMwZfepBG8W5NexNR8AnvSWuUkslQ/DL9aGdCdB0l4sAEjRJOfJRdl
/FJFAaRIIwI/ad1bcnkT64tnSMjy40D4FZSACq6N/0dqbz8hTib3VGnZmSRY6yz2
dwGGXyCQO2fR23YG0QxHKf+wGPcS8NMZyKGyYKZ47gxXoMyVStqOvkQh76VKd+1G
PQGKKBByN/n7LEUAg7rBWwbuWst/0wvN0aSqeOtnVpmyZOkLAqB0xW+nEoQPFlLZ
WctjjNaE6myaJTs1buWe7wu4adv3UN0Zr3zN+Q7FMvOmhXtaKNslSvcsn/6OJTGw
IGTadWywMpS2z+wDKem9vGL0E3hglg==
=qfTE
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2116-1] libpam-radius-auth security update
Next by Date: [SECURITY] [DLA 2119-1] python-pysaml2 security update
Previous by thread: [SECURITY] [DLA 2116-1] libpam-radius-auth security update
Next by thread: [SECURITY] [DLA 2119-1] python-pysaml2 security update
Index(es):
- Date
- Thread