Accepted otrs2 3.3.18-1~deb7u2 (source all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 18 Dec 2017 20:20:53 +0100
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.3.18-1~deb7u2
Distribution: wheezy-security
Urgency: medium
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Emilio Pozuelo Monfort <pochu@debian.org>
Description:
otrs - Open Ticket Request System (OTRS 3)
otrs2 - Open Ticket Request System
Closes: 882370
Changes:
otrs2 (3.3.18-1~deb7u2) wheezy-security; urgency=medium
.
[ Emilio Pozuelo Monfort ]
* Backport the following changes from jessie:
.
[ Patrick Matthäi ]
* Add patch 16-OSA-2017-06 which fixes OSA-2017-06, also known as
CVE-2017-15864: An attacker who is logged into OTRS as an agent can request
special URLs from OTRS which can lead to the disclosure of any
configuration information, including database credentials.
* Add patch 17-OSA-2017-07 which fixes OSA-2017-07, also known as
CVE-2017-16664: An attacker who is logged into OTRS as an agent can request
special URLs from OTRS which can lead to the execution of shell commands
with the permissions of the web server user.
Closes: #882370
.
[ Emilio Pozuelo Monfort ]
* Add patch 18-OSA-2017-08 which fixes OSA-2017-08, also known as
CVE-2017-16854: An attacker who is logged into OTRS as a customer can use
the ticket search form to disclose internal article information of their
customer tickets.
* Backport the following change from jessie:
.
[ Patrick Matthäi ]
* Add patch 19-OSA-2017-09:
This fixes OSA-2017-09, also known as CVE-2017-16921: An attacker who is
logged into OTRS as an agent can manipulate form parameters and execute
arbitrary shell commands with the permissions of the OTRS or web server
user.
Checksums-Sha1:
a2402e5222d16981a07dbfb94e4f10aa3090f622 1806 otrs2_3.3.18-1~deb7u2.dsc
7f45cf5336e9ce5d507a935241f042bdfdf85845 21067692 otrs2_3.3.18.orig.tar.bz2
0edae19bea0726a22d9d622e8eb9f128bfc024c9 49001 otrs2_3.3.18-1~deb7u2.debian.tar.gz
f84469e7d445a4a3403ae2e1dd4fd3d0af035beb 10660464 otrs2_3.3.18-1~deb7u2_all.deb
771a93eff3ece54a70a4e2c4e7218ec4255ebaff 189752 otrs_3.3.18-1~deb7u2_all.deb
Checksums-Sha256:
1844607a13b84ec5d14b4d35d841c208ddd099a4cb68bbbec4c7880ef4e6a844 1806 otrs2_3.3.18-1~deb7u2.dsc
9d6e4e44316c6812f35618be50d8951a0c2e0d917752610fada936c466bea453 21067692 otrs2_3.3.18.orig.tar.bz2
3f99d780317c597a90540c26cd87d136732d1a07da3f46f525f7b66a4dbed916 49001 otrs2_3.3.18-1~deb7u2.debian.tar.gz
909349579643916fa4f3ab11832e6edc2cef9f400dd4444bf5b6a29fcadae962 10660464 otrs2_3.3.18-1~deb7u2_all.deb
7f93bf0adc1ea95540a082548c1816b53eac7b4502c053787c59c4e39a7b3ece 189752 otrs_3.3.18-1~deb7u2_all.deb
Files:
fa33f053720a554fcf7428a9580cd337 1806 web optional otrs2_3.3.18-1~deb7u2.dsc
b3375dfa09a2ec3c4cebc7ad74d55e0b 21067692 web optional otrs2_3.3.18.orig.tar.bz2
329c015cfa31171b2cdd93ee51982a47 49001 web optional otrs2_3.3.18-1~deb7u2.debian.tar.gz
5001ab83e8d24900994d8db11aa9f3bb 10660464 web optional otrs2_3.3.18-1~deb7u2_all.deb
7e4bd8fd153063d831732b152b20b7b2 189752 web optional otrs_3.3.18-1~deb7u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlo5avsACgkQnUbEiOQ2
gwL/tA//RMS5TnWlzbGJtG04l+5S6zYVKDzk/qkNrGCgdwDiCyYtrXiImg1ZePF0
Q9Nyj3+A1uYLUhxEC7TiybbDm1jUyxf4rc/c48Dw3OaCbC4fX25HOAJAQcKJ8fnE
SfkrYcv8FCDiA5VPbIb0hvsoELW1xSB2AVqjj72098r0l6jtVi0zx13uq4mWGk+e
WohgQsOXmnhYwQSlPXaMwPVRJTDgJrnHUDT1kpRRdGuFtFxZ92LlvOE6gpzvgpl+
cnN3LNoFdLKB9w0ckkqC3LBXAYnet5CiPGJlGRvtePAZGb1aKxSplpXuF690kjIW
ihQXCTtaY1yHr577NB/45qtPlcmgHndfjan8aIpo9bLV3kqRTqqdyYPB2xWePrSY
fQO6sRbEmGrHPoPpQ8DjuSlY0bbGtMCEEmRwUsoUkdRw3xmDWlr5nznLmngL8ZFE
pPArORUGULwWgabaQF5W63C6ZJZWXsUEl4egitgVcG0EZ4XvvAMXFidOedGM9g0a
ViOPTXIzjYud9vc8X7Unhoo6k3QHI5HfPeyqf/8PYJQMVAOMEBHiZWWjXvD2QLQY
m99TNOAf+xag/3FuHUwDVWFPZZzAjPuNPcPSObo1FF1FZLy1y2MM1BzSHBGjgnUO
q+r1DuUnZp9k4ec1eOZQgCDmInV/OuBoi25FICTlXANe8U0sM2k=
=eckR
-----END PGP SIGNATURE-----
Reply to: