Format: 1.8
Date: Wed, 12 Feb 2014 10:43:48 +0100
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.1.7+dfsg1-8+deb7u4
Distribution: stable-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs - Open Ticket Request System (OTRS 3)
 otrs2 - Open Ticket Request System
Changes:
 otrs2 (3.1.7+dfsg1-8+deb7u4) stable-security; urgency=high
 .
   * Add patch 35-CVE-2014-1471 which fixes CVE-2014-1471, also known as
     OSA-2014-02: An attacker with a valid customer or agent login could inject
     SQL in the ticket search URL.
   * Add patch 36-CVE-2014-1694 which fixes CVE-2014-1694, also known as
     OSA-2014-01: An attacker that managed to take over the session of a logged
     in customer could create tickets and/or send follow-ups to existing tickets
     due to missing challenge token checks.