Re: [SECURITY] [DSA 2712-1] otrs2 security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 2712-1] otrs2 security update
From: armando arena <armando.arena56@gmail.com>
Date: Sat, 22 Jun 2013 17:55:29 +0200
Message-id: <[🔎] CAOuvHztW-L-Mk-=ye=-X5iGsEVxECMmAO0FXvuC+Y4gMBPGWhQ@mail.gmail.com>
In-reply-to: <87y5a57pdj.fsf@mid.deneb.enyo.de>
References: <87y5a57pdj.fsf@mid.deneb.enyo.de>

2013/6/19, Florian Weimer <fw@deneb.enyo.de>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-2712-1                   security@debian.org
> http://www.debian.org/security/                            Florian Weimer
> June 19, 2013                          http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : otrs2
> Vulnerability  : privilege escalation
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2013-4088
>
> It was discovered that users with a valid agent login could use
> crafted URLs to bypass access control restrictions and read tickets to
> which they should not have access.
>
> The oldstable distribution (squeeze) is not affected by this problem.
>
> For the stable distribution (wheezy), this problem has been fixed in
> version 3.1.7+dfsg1-8+deb7u2.
>
> For the unstable distribution (sid), this problem has been fixed in
> version 3.2.8-1.
>
> We recommend that you upgrade your otrs2 packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: http://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQEcBAEBAgAGBQJRwieBAAoJEL97/wQC1SS+ts0H/0+CgTo3bJpYYjSWmeKj4qbx
> m+1nz9qZHfgMGvelcO+dvffji8Y3eYyZDCFOK7zniv7wYQqBV1Hy6V+c2c1twLvU
> /VLilRSTv/ktVVQFtCwxhy3meUWw+Ek+OpYutVP1G2ebuWiFbxhppTFlxLBPLfdo
> 54dPpF0wNhV+MuHfa/XSj3bUKwqq2rFw0rB+Ce45pNwIQ5RfftoCR2l0+rcUsAv1
> pAJgOVoxEZo+QdIrCPTTtvNervS2vdpzqgwzd3pxt+pwT1eV5ZMtDkes2cCNw5wv
> 8Chn4XnxX3ymN4rjBrzfTukCeAz3tNgDoDwpNC+MjUEZzJWy0nyT7WF4In51pUc=
> =7Wpc
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> Archive: http://lists.debian.org/87y5a57pdj.fsf@mid.deneb.enyo.de
>
>

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 2712-1] otrs2 security update
  - From: Nick <nick@glimmer.adsl24.co.uk>

Prev by Date: Re: PHP5 in Wheezy vulnerable to CVE-2013-2110?
Next by Date: Re: [SECURITY] [DSA 2712-1] otrs2 security update
Previous by thread: Re: PHP5 in Wheezy vulnerable to CVE-2013-2110?
Next by thread: Re: [SECURITY] [DSA 2712-1] otrs2 security update
Index(es):
- Date
- Thread