Format: 1.8
Date: Thu, 20 Feb 2014 13:33:07 +0100
Source: otrs2
Binary: otrs2
Architecture: source all
Version: 2.4.9+dfsg1-3+squeeze5
Distribution: oldstable-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs2 - Open Ticket Request System
Changes:
 otrs2 (2.4.9+dfsg1-3+squeeze5) oldstable-security; urgency=high
 .
   * Add patch 23-security-osa-2014-01 which fixes CVE-2014-1694, also known
     as OSA-2014-01: An attacker that managed to take over the session of a
     logged in customer could create tickets and/or send follow-ups to
     existing tickets due to missing challenge token checks.
   * Add patch 24-security-osa-2014-02 which fixes CVE-2014-1471, also known
     as OSA-2014-02: An attacker with a valid customer or agent login could
     inject SQL in the ticket search URL.
Checksums-Sha1:
 97d4d343816af6793f8b957b1fc69a2107f95933 1750 otrs2_2.4.9+dfsg1-3+squeeze5.dsc
 0417ece1dc5de59d6890f1250942324aa5be94c0 39184 otrs2_2.4.9+dfsg1-3+squeeze5.debian.tar.gz
 ca92b509f7f059b4e9e2fda452802491e9c493aa 4094726 otrs2_2.4.9+dfsg1-3+squeeze5_all.deb
Checksums-Sha256:
 38f5f84981479e9ca55a7bf5bc6a9546a97ba304767873d51d3acc080539cdf8 1750 otrs2_2.4.9+dfsg1-3+squeeze5.dsc
 67ccb3d9115f34ece287a483b68496b04cd916fefe9b5f50e31622b09bd11b47 39184 otrs2_2.4.9+dfsg1-3+squeeze5.debian.tar.gz
 6ef39977e73c06eced870cc1e10a3169a2738aaee31897483168ed8e794252d7 4094726 otrs2_2.4.9+dfsg1-3+squeeze5_all.deb
Files:
 2ad979bfd6182c2bdc5886416ac660db 1750 web optional otrs2_2.4.9+dfsg1-3+squeeze5.dsc
 a9a90da1b823c1657509ad9d03f8b0b6 39184 web optional otrs2_2.4.9+dfsg1-3+squeeze5.debian.tar.gz
 abc43c07e5ed8d2212e9d810752e5290 4094726 web optional otrs2_2.4.9+dfsg1-3+squeeze5_all.deb