Accepted otrs2 3.3.18-1+deb8u7 (source all) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted otrs2 3.3.18-1+deb8u7 (source all) into oldstable
From: Markus Koschany <apo@debian.org>
Date: Fri, 23 Nov 2018 18:10:13 +0000
Message-id: <[🔎] E1gQFu9-0006HO-KD@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 23 Nov 2018 17:50:17 +0100
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.3.18-1+deb8u7
Distribution: jessie-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 otrs       - Open Ticket Request System (OTRS 3)
 otrs2      - Open Ticket Request System
Changes:
 otrs2 (3.3.18-1+deb8u7) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-19141:
     An attacker who is logged into OTRS as an admin user may manipulate the URL
     to cause execution of JavaScript in the context of OTRS
   * Fix CVE-2018-19143:
     An attacker who is logged into OTRS as a user may manipulate the submission
     form to cause deletion of arbitrary files that the OTRS web server user has
     write access to.
Checksums-Sha1:
 95259cc80e354af94756b2fb754d649fce70bca4 1971 otrs2_3.3.18-1+deb8u7.dsc
 52ef919954820811877bb1de994658637dd0b370 47920 otrs2_3.3.18-1+deb8u7.debian.tar.xz
 2e3a774bc6e5c723efbae0294abb0c9753469e4a 5682230 otrs2_3.3.18-1+deb8u7_all.deb
 9dafbbb4b09fd420dcf6e5059b82f29086d05aaf 189716 otrs_3.3.18-1+deb8u7_all.deb
Checksums-Sha256:
 02e4b885dd7e1489939d841592606350ff0578b715e923ead173a465ff35567e 1971 otrs2_3.3.18-1+deb8u7.dsc
 6d6861a268a1079f77a82047561672218011fdf84f1ea869a3b5dca5dc22d270 47920 otrs2_3.3.18-1+deb8u7.debian.tar.xz
 77cdab05387ea24b4467e9db0f7f11d02afb15b4e6a82281f467eb7875a886a8 5682230 otrs2_3.3.18-1+deb8u7_all.deb
 57b5513f3b86f4dd7ebc3523b16b506e3a1d5f147bddd5a8d48a772f3b72a9bb 189716 otrs_3.3.18-1+deb8u7_all.deb
Files:
 56beb4bf3859ff65bfbcf753cb288c3d 1971 web optional otrs2_3.3.18-1+deb8u7.dsc
 3745d2b76ea0d2a27f16f1087f84fc2c 47920 web optional otrs2_3.3.18-1+deb8u7.debian.tar.xz
 6834c9d4dc4f79282e51b7767a4c79b8 5682230 web optional otrs2_3.3.18-1+deb8u7_all.deb
 f827b15ef72d642308824faaedd44852 189716 web optional otrs_3.3.18-1+deb8u7_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlv4P8tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkJxYP/0gEimyEjkWIRUBGhXYh4QENVhE7bn9NDbf6
HBaciPpXx5i1uOOs+6dU/LShGQFBG3T+2VaxTznhA4/+0fW2nOlPwkZzrf5BUhEE
/3OYyjZ3nVYHz9HP97lQEkpHUenQ5pcmyUX5qviHEfuFapNvAEI8LXQXPybVkPwu
zyTHhwn0csPamCBjpJMRBBHQfvLqKuwuEHlcgz4ZBzbysiveb0C24IEeYpdoQruQ
4Dx3Ju1kROPMQS11ZE5ddDJlBpdMYbYoDv43pSEQheuVRVEt3a0CXUKyG70ET/rJ
zuzwVhOvSuSy0S4epqtwgZjFxilTrR1jErsugYwTfYWsRSHejCzVJ7FSvNs86mpT
EJmSxNT7/U5qxrDIGzx8/vmC0YXujkwMavXclOvdUZuR1x46pbJtKUFXWEpWf3z0
N06FVH8DdfRve+hDf62Qe4egV8eEcVjbdqyO4i17fjrvnJvNaXKMpS0K28ohfybF
3L8Vf0K5+qTmPIObvLdLxZFfmUqQdX6DYV5ulWkyU8tP5EvWlzehpBCgiPBDqZJn
TI0LXiVVR6hQEc+3MeEMLHHS6D+61p7s+3jaNs18xpBR4S+U7kbOlHQMCID3TVO4
rzcnV5WGQK7sKqHJ0omn8SdGEVi8u0fgpc7Pjm2tQgnziEVIeX375MZ2t7f4Z26n
81UmWMh8
=ym/o
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Accepted libphp-phpmailer 5.2.9+dfsg-2+deb8u4 (source all) into oldstable
Next by Date: Accepted squid3 3.4.8-6+deb8u6 (source all amd64) into oldstable
Previous by thread: Accepted libphp-phpmailer 5.2.9+dfsg-2+deb8u4 (source all) into oldstable
Next by thread: Accepted squid3 3.4.8-6+deb8u6 (source all amd64) into oldstable
Index(es):
- Date
- Thread