
Accepted otrs2 6.0.16-2 (source all) into testing-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 09 May 2019 11:06:21 +0200
Source: otrs2
Binary: otrs otrs2
Architecture: source all
Version: 6.0.16-2
Distribution: buster
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs       - Open Ticket Request System (OTRS 6)
 otrs2      - Open Ticket Request System
Changes:
 otrs2 (6.0.16-2) buster; urgency=high
 .
   * Add patch 13-OSA-2019-02, which fixes OSA-2019-02, also known as
     CVE-2019-9751: An attacker who is logged into OTRS as an admin user may
     manipulate the URL to cause execution of JavaScript in the context of OTRS.
   * Add patch 16-OSA-2019-06, which fixes OSA-2019-06, also known as
     CVE-2019-10066: An attacker who is logged into OTRS as an agent with
     appropriate permissions may create a carefully crafted calendar appointment
     in order to cause execution of JavaScript in the context of OTRS.
   * Add patch 15-OSA-2019-05, which fixes OSA-2019-05, also known as
     CVE-2019-10067: An attacker who is logged into OTRS as an agent user with
     appropriate permissions may manipulate the URL to cause execution of
     JavaScript in the context of OTRS.
   * Add patch 14-OSA-2019-04, which fixes OSA-2019-04, also known as
     CVE-2019-9892: An attacker who is logged into OTRS as an agent user with
     appropriate permissions may try to import carefully crafted Report
     Statistics XML that will result in reading of arbitrary files of OTRS
     filesystem.
Checksums-Sha1:
 a07759e9dfdb63d48d806c5168b7ba45fcb7aead 1811 otrs2_6.0.16-2.dsc
 8aae76e71a34e1554ac1f3955e704ff899ddf0e4 34276 otrs2_6.0.16-2.debian.tar.xz
 e4fecfde51fa199578c17e6e55649ec50bf270d3 9672716 otrs2_6.0.16-2_all.deb
 c59fabe59ee0be624343ec86a4ffcc67e19998a6 6248 otrs2_6.0.16-2_amd64.buildinfo
 238d9636d0169f6fae9f3190041a81958e23cf9a 247372 otrs_6.0.16-2_all.deb
Checksums-Sha256:
 b11909911ccab4b357e99642a81214c3ff619ba47dd7b15a7dfcb455b6c83ac7 1811 otrs2_6.0.16-2.dsc
 bf816ea1ac843a53d16a3e4e380b35ccec426b8f91a276f04e6a1a9d9d0e79b1 34276 otrs2_6.0.16-2.debian.tar.xz
 81358a76961d16f08c9a479d139a2a6cbad973e57e8d5e2b886b31243082ba41 9672716 otrs2_6.0.16-2_all.deb
 4c0681424e098a12230e5b986dbd0103c8576987cc897614ba5829476269cffc 6248 otrs2_6.0.16-2_amd64.buildinfo
 13af875b671ebe828b6ab8b3540cf5422770dcb4adb1b809615853cb3ee182ae 247372 otrs_6.0.16-2_all.deb
Files:
 8598bfcc400d783b497a16e9242ddfed 1811 non-free/web optional otrs2_6.0.16-2.dsc
 1a61e4fb9bc2799ed08aa5651cddb9d5 34276 non-free/web optional otrs2_6.0.16-2.debian.tar.xz
 48f646f36445eaf34f99f69bbbde8d04 9672716 non-free/web optional otrs2_6.0.16-2_all.deb
 9e39f649b9f877a67726b36128408416 6248 non-free/web optional otrs2_6.0.16-2_amd64.buildinfo
 88c227cbb66404610f493bd9db12da9c 247372 non-free/web optional otrs_6.0.16-2_all.deb

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

