[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fwd: Re: [Ticket#2017092834000757] Bug#876462: otrs2: CVE-2017-14635: Code Injection / Privilege Escalation OTRS

Am 29.09.2017 um 10:10 schrieb Patrick Matthäi:
> old-old-stable: You can use my work based on jessie, but there are some
> problems I see:
> - you have to drop the libjs-jquery-ui dependency, the removal of it in
> debian/rules, links in otrs2.links, patch 12 and 13, maybe more..
> - fonts-font-awesome is not in oos, so same as for libjs-jquery (rules,
> links and so on)
> I hope this is enough to get it work.

Thank you for working on CVE-2017-14635. I have come to the conclusion
that it is simpler and less intrusive to rebase the patches for 3.1.17
in Wheezy than to upgrade to the latest patch level because of the
reasons you have mentioned above. But the rest makes sense and I think
the security team will follow up on that.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: