-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 24 Feb 2020 16:56:22 +0100 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 3.3.18-1+deb8u14 Distribution: jessie-security Urgency: medium Maintainer: Patrick Matthäi <pmatthaei@debian.org> Changed-By: Sylvain Beucler <beuc@debian.org> Description: otrs - Open Ticket Request System (OTRS 3) otrs2 - Open Ticket Request System Changes: otrs2 (3.3.18-1+deb8u14) jessie-security; urgency=medium . * Non-maintainer upload by the Debian LTS Security Team. * CVE-2019-11358: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. Checksums-Sha1: c1fab448e999086ede67016308b10f415429c504 1479 otrs2_3.3.18-1+deb8u14.dsc a45ae4b84fbe756edf8b95245c9a7c71227182c7 87588 otrs2_3.3.18-1+deb8u14.debian.tar.xz f9498ed78360469a03653f6b4250174796a0ba1e 5659994 otrs2_3.3.18-1+deb8u14_all.deb de0fa763f40dc01179300389083c774649fb1060 190564 otrs_3.3.18-1+deb8u14_all.deb Checksums-Sha256: 082ca9b9c690126a859e63a54299d6337e83167fa7681b49cb42dd20f37174db 1479 otrs2_3.3.18-1+deb8u14.dsc a60decefb3971dc7372486eba9731ce55e3e0a894cd3e9662a08bc4151b5baea 87588 otrs2_3.3.18-1+deb8u14.debian.tar.xz 397da16005ffb1de46f4325f8dbde0ce5e688646d388829accaf9cdaf3982e43 5659994 otrs2_3.3.18-1+deb8u14_all.deb f65c201ec265239146e6198c4ac53f113c64ceb1d11884a1b777850d73550fdd 190564 otrs_3.3.18-1+deb8u14_all.deb Files: ca36986ebbed64308e3e74003fbc84c0 1479 web optional otrs2_3.3.18-1+deb8u14.dsc 859509a33015e541e56bcf46a827c6c4 87588 web optional otrs2_3.3.18-1+deb8u14.debian.tar.xz 075abc114471543647db7aa41cacbf1c 5659994 web optional otrs2_3.3.18-1+deb8u14_all.deb f65479022e4a7a0e4fc82eb22495a677 190564 web optional otrs_3.3.18-1+deb8u14_all.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl5T+CQACgkQj/HLbo2J BZ8CsQf+IaHN8w0ox31H9IJ1qkpffW4PBYGZ88zbPpnNUDQY+SwwL6FErk9Dg+HW cXwAZH9afte4jwAXl84cKW91DndmNuFgAdn+3WCe01PRB4udAEa0pbvbymmScRkc iieHwQISmt4u8Q2lVxqQWIfcW8/LQIWKF640FaEHQZWjkmbhy5TDiQQ+Wb7oG3Nq XLqO8/4xB9MZLThTm7LjEYyhJ6EDdRAoHUugqjkXRf2Kp/d0ryb4gD2JIPTMwtra 4O5hFHieAljJ4ZAf10lrr7ytRlsOihF0C6f+nnync0/NWrtTVe8Te8K60uG565d4 YlkMGI9h501jpteFmJ/0PpfSFh3oxA== =gbEq -----END PGP SIGNATURE-----
