Format: 1.8
Date: Fri, 31 Jan 2020 09:18:48 +0100
Source: otrs2
Binary: otrs otrs2
Architecture: source all
Version: 6.0.24-1~bpo10+1
Distribution: buster-backports
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs - Open Ticket Request System (OTRS 6)
 otrs2 - Open Ticket Request System
Closes: 945251
Changes:
 otrs2 (6.0.24-1~bpo10+1) buster-backports; urgency=medium
 .
   * Rebuild for buster-backports.
 .
 otrs2 (6.0.24-1) unstable; urgency=high
 .
   * New upstream release.
     - Fixes CVE-2019-18179, also known as OSA-2019-14: An attacker who is
       logged into OTRS as an agent is able to list tickets assigned to other
       agents, which are in the queue where attacker doesn’t have permissions.
     - Fixes CVE-2019-18180, also known as OSA-2019-15: OTRS can be put into
       an endless loop by providing filenames with overly long extensions.
       This applies to the PostMaster (sending in email) and also upload
       (attaching files to mails, for example).
     Closes: #945251
   * Add dependency on package libcpan-audit-perl.
   * Use the new debhelper-compat notation, and drop the d/compat file.
 .
 otrs2 (6.0.23-2) unstable; urgency=medium
 .
   * Build binary packages.
 .
 otrs2 (6.0.23-1) unstable; urgency=high
 .
   * New upstream release.
     - Fixes CVE-2019-16375, also known as OSA-2019-13: An attacker who is
       logged into OTRS as an agent or customer user with appropriate
       permissions can create a carefully crafted string containing malicious
       JavaScript code as an article body. This malicious code is executed
       when an agent composes an answer to the original article.
     - Refresh patch 03-backup.
     - Rewrite patch 04-opt.
     - Refresh patch 09-disable-DashboardProductNotify.
     - Refresh patch 11-do-not-test-file-writes.
     - Refresh patch 12-font-paths.
   * Add Rules-Requires-Root no field.
   * Bump Standards-Version to 4.4.1.
 .
 otrs2 (6.0.22-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 otrs2 (6.0.21-1) unstable; urgency=medium
 .
   * New upstream release.
 .
 otrs2 (6.0.20-1) unstable; urgency=medium
 .
   * New upstream release.
   * Bump Standards-Version to 4.4.0.