-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 23 Nov 2018 17:50:17 +0100
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.3.18-1+deb8u7
Distribution: jessie-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 otrs - Open Ticket Request System (OTRS 3)
 otrs2 - Open Ticket Request System
Changes:
 otrs2 (3.3.18-1+deb8u7) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-19141: An attacker who is logged into OTRS as an admin user
     may manipulate the URL to cause execution of JavaScript in the context of
     OTRS.
   * Fix CVE-2018-19143: An attacker who is logged into OTRS as a user may
     manipulate the submission form to cause deletion of arbitrary files that
     the OTRS web server user has write access to.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----