-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 11 Jun 2019 14:07:25 +0200 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 3.3.18-1+deb8u10 Distribution: jessie-security Urgency: high Maintainer: Patrick Matthäi <pmatthaei@debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: otrs - Open Ticket Request System (OTRS 3) otrs2 - Open Ticket Request System Changes: otrs2 (3.3.18-1+deb8u10) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-12248: An attacker could send a malicious email to an OTRS system. If a logged in agent user quotes it, the email could cause the browser to load external image resources. * Fix CVE-2019-12497: In the customer or external frontend, personal information of agents can be disclosed like Name and mail address in external notes. Checksums-Sha1: 3c772ebbbe6297134ee0a20e8890768540eb05d2 1975 otrs2_3.3.18-1+deb8u10.dsc e59d4daeac44f61ba536fef070b73ba8f6bfb6e2 51544 otrs2_3.3.18-1+deb8u10.debian.tar.xz 0f7003292a2c8baf2c31028773a376195b11763f 5683880 otrs2_3.3.18-1+deb8u10_all.deb 41a166a402524029983409d7174586460cf38826 190010 otrs_3.3.18-1+deb8u10_all.deb Checksums-Sha256: b581d8188b3e528a03ea53fe9091faeeff7bf237b0cb39131f6d9162b390f33e 1975 otrs2_3.3.18-1+deb8u10.dsc ef326eebf4979e418e4f0b2111142bc680d713968853b37abbb3cd727cc45a2c 51544 otrs2_3.3.18-1+deb8u10.debian.tar.xz 155a1e8b2784c223686431ecde4b9a81be19048f9e0a4c3566982b69b307f313 5683880 otrs2_3.3.18-1+deb8u10_all.deb d3e8377fbd2732e5272fc7d8715277fcb21c60ba2992de90373cbd0ebb4203ec 190010 otrs_3.3.18-1+deb8u10_all.deb Files: cd1f37d9843077e72d3dd39043790312 1975 web optional otrs2_3.3.18-1+deb8u10.dsc 78603d6aab585323e3d0273ab0f021eb 51544 web optional otrs2_3.3.18-1+deb8u10.debian.tar.xz 25768457ee237db190cbcc0641566585 5683880 web optional otrs2_3.3.18-1+deb8u10_all.deb 4da8d1ef53b6f92c42fbf86557ae7776 190010 web optional otrs_3.3.18-1+deb8u10_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlz/qUhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkOaQP/jUFx2bbgXqrpk9RWtLvlUVZCo9rDXuR9OAm nXfl9WDs26SN9A2Upf49+HnyNaHcGg5ZbtHaluhNvZAIQtEKhq2En1HHg0k8Wxmb 4h3qpgFqthJeWm91nhSLv/I8mTUn8vnDaedHRD+BXUWRJZmH3/Xb1rzSLf1BrMrO 01VQsxMiq9xSr8zvFnUmU4PON/X70sKqJ9X0rQVCgTm/28QtpM5F0S/Hw2sgqMiU eHZAT1ielDvjuJ9ZHNYHsFBt979FMjdb6t2PG4dbQKIpc5UrXz7N4HRxCTeE8qCD JvqN57CFdj8zo0DynYDHPHsFf8d+NzCep+DhBpIbxO2ZnAxjzYy2TyHCvI5mleTc /CbnPhKoOAvb2Nw0g3mAs8x3vvL3CW36gu95l7j+UJMtYaZftLuzv33AEmi1v/9l bzqCd4vCxvv45/5JeSZdtyT2TZmCso62evticoq1L4rCcB95ZcNQMO2p9i3JjEgc LHHNh0dXrkE286e8LpEmNxaYdZtvqsc3qIjthXTXK/n543TqLtQTonnGA+4qLMKO H8r5izEd8pk4JoEi217Nmf4Sl5tS/7eApR7EfYxpGbb/08AliM+V0octgirpldRY JtI+AIvfA/i7WqMjF/tgQ0/kPzOEnOMDBZ7i2M8GwxNGXBmPFXCbrZVv0EWOcWEn RutwjzTt =0e9M -----END PGP SIGNATURE-----
