Accepted otrs2 3.3.18-1+deb8u10 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 11 Jun 2019 14:07:25 +0200
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.3.18-1+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
otrs - Open Ticket Request System (OTRS 3)
otrs2 - Open Ticket Request System
Changes:
otrs2 (3.3.18-1+deb8u10) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2019-12248:
An attacker could send a malicious email to an OTRS system. If a logged in
agent user quotes it, the email could cause the browser to load external
image resources.
* Fix CVE-2019-12497:
In the customer or external frontend, personal information of agents can be
disclosed like Name and mail address in external notes.
Checksums-Sha1:
3c772ebbbe6297134ee0a20e8890768540eb05d2 1975 otrs2_3.3.18-1+deb8u10.dsc
e59d4daeac44f61ba536fef070b73ba8f6bfb6e2 51544 otrs2_3.3.18-1+deb8u10.debian.tar.xz
0f7003292a2c8baf2c31028773a376195b11763f 5683880 otrs2_3.3.18-1+deb8u10_all.deb
41a166a402524029983409d7174586460cf38826 190010 otrs_3.3.18-1+deb8u10_all.deb
Checksums-Sha256:
b581d8188b3e528a03ea53fe9091faeeff7bf237b0cb39131f6d9162b390f33e 1975 otrs2_3.3.18-1+deb8u10.dsc
ef326eebf4979e418e4f0b2111142bc680d713968853b37abbb3cd727cc45a2c 51544 otrs2_3.3.18-1+deb8u10.debian.tar.xz
155a1e8b2784c223686431ecde4b9a81be19048f9e0a4c3566982b69b307f313 5683880 otrs2_3.3.18-1+deb8u10_all.deb
d3e8377fbd2732e5272fc7d8715277fcb21c60ba2992de90373cbd0ebb4203ec 190010 otrs_3.3.18-1+deb8u10_all.deb
Files:
cd1f37d9843077e72d3dd39043790312 1975 web optional otrs2_3.3.18-1+deb8u10.dsc
78603d6aab585323e3d0273ab0f021eb 51544 web optional otrs2_3.3.18-1+deb8u10.debian.tar.xz
25768457ee237db190cbcc0641566585 5683880 web optional otrs2_3.3.18-1+deb8u10_all.deb
4da8d1ef53b6f92c42fbf86557ae7776 190010 web optional otrs_3.3.18-1+deb8u10_all.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlz/qUhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkOaQP/jUFx2bbgXqrpk9RWtLvlUVZCo9rDXuR9OAm
nXfl9WDs26SN9A2Upf49+HnyNaHcGg5ZbtHaluhNvZAIQtEKhq2En1HHg0k8Wxmb
4h3qpgFqthJeWm91nhSLv/I8mTUn8vnDaedHRD+BXUWRJZmH3/Xb1rzSLf1BrMrO
01VQsxMiq9xSr8zvFnUmU4PON/X70sKqJ9X0rQVCgTm/28QtpM5F0S/Hw2sgqMiU
eHZAT1ielDvjuJ9ZHNYHsFBt979FMjdb6t2PG4dbQKIpc5UrXz7N4HRxCTeE8qCD
JvqN57CFdj8zo0DynYDHPHsFf8d+NzCep+DhBpIbxO2ZnAxjzYy2TyHCvI5mleTc
/CbnPhKoOAvb2Nw0g3mAs8x3vvL3CW36gu95l7j+UJMtYaZftLuzv33AEmi1v/9l
bzqCd4vCxvv45/5JeSZdtyT2TZmCso62evticoq1L4rCcB95ZcNQMO2p9i3JjEgc
LHHNh0dXrkE286e8LpEmNxaYdZtvqsc3qIjthXTXK/n543TqLtQTonnGA+4qLMKO
H8r5izEd8pk4JoEi217Nmf4Sl5tS/7eApR7EfYxpGbb/08AliM+V0octgirpldRY
JtI+AIvfA/i7WqMjF/tgQ0/kPzOEnOMDBZ7i2M8GwxNGXBmPFXCbrZVv0EWOcWEn
RutwjzTt
=0e9M
-----END PGP SIGNATURE-----
Reply to: