[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fwd: Re: [Ticket#2017092834000757] Bug#876462: otrs2: CVE-2017-14635: Code Injection / Privilege Escalation OTRS

Am 29.09.2017 um 20:00 schrieb Markus Koschany:
> Am 29.09.2017 um 19:51 schrieb Markus Koschany:
> [...]
>> Apparently version 3.1.7 used the MyISAM engine which now conflicts with
>> the new default InnoDB database. I know how it could be fixed by hand
>> but I don't think this is the recommended Debian way. Do you have
>> encountered such a problem before? It is probably related to the files
>> in debian/schema, a missing patch or a maintainer script. Any ideas?
> Nevermind. I have just found Debian bug #707075 and README.Debian...
> That's unfortunate.
> Markus
Oh yeah this ugly issue / change..
@security team:
IMHO we have got onl the two options to remove support for otrs2 in oos
or to update it to the most recent 3.3.x version. I know many companies
who are using the offical Debian packages from otrs, but yeah not the
wheezy one anymore ;)So we should took the risk to update to 3.3.x
upstream, the upgrade path from < 3.3x to >= 3.3.x is ugly for most
MySQL users, because of the old default storage engine. But realy I do
not realy care about users which would yell about that now about 4 years..

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: