-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 02 Aug 2013 16:31:32 +0200
Source: otrs2
Binary: otrs2
Architecture: source all
Version: 2.4.9+dfsg1-3+squeeze4
Distribution: oldstable-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs2 - Open Ticket Request System
Changes:
 otrs2 (2.4.9+dfsg1-3+squeeze4) oldstable-security; urgency=high
 .
   [ Salvatore Bonaccorso ]
   * Add 19-security-osa-2012-03.diff patch.
     CVE-2012-4751: Fix XSS vulnerability. An attacker could send a
     specially prepared HTML email to OTRS which would cause JavaScript
     code to be executed in the user's browser while displaying the email.
   * Add 20-security-osa-2013-01.diff.
     CVE-2013-2625: Fix privilege escalation in object linking handling.
     An attacker with a valid agent login could manipulate URLs in the
     object linking mechanism to see titles of tickets and other objects
     that are not obliged to be seen. Furthermore, links to objects
     without permission can be placed and removed.
 .
   [ Patrick Matthäi ]
   * Add 21-security-osa-2013-04.diff.
     CVE-2013-4088: An attacker with a valid agent login could manipulate
     URLs in the ticket watch mechanism to see contents of tickets they
     are not permitted to see.
   * Add 22-security-osa-2013-05.diff.
     CVE-2013-4717: An attacker with a valid agent login could manipulate
     URLs leading to SQL injection.