-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 08 Jun 2017 10:39:18 +0200 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 5.0.20-1 Distribution: unstable Urgency: high Maintainer: Patrick Matthäi <pmatthaei@debian.org> Changed-By: Patrick Matthäi <pmatthaei@debian.org> Description: otrs - Open Ticket Request System (OTRS 5) otrs2 - Open Ticket Request System Closes: 864175 864319 Changes: otrs2 (5.0.20-1) unstable; urgency=high . * New upstream release. - This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with agent permission is capable by opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. Closes: #864319 * Remove obsolete symlink for jquery-ui. Closes: #864175 * Merge 3.3.9-3+deb8u1 and 5.0.16-1+deb9u1 changelog. Checksums-Sha1: b5b8d4318d4a2db5425705a1c80f7aa7be05de74 1796 otrs2_5.0.20-1.dsc 1efa21127c52bd373d561b10b614ea734c7e4299 20638821 otrs2_5.0.20.orig.tar.bz2 9276ed165274dc1e87c2b65b538b84d4ea3e73db 45108 otrs2_5.0.20-1.debian.tar.xz f283cd863715cb853d3e292af2d2670287aeb60e 7395178 otrs2_5.0.20-1_all.deb 2070558974856982941ed9567b311dbbe4198c2e 6590 otrs2_5.0.20-1_amd64.buildinfo 977e595487168963683b28e89d2a492d1076e8d1 218786 otrs_5.0.20-1_all.deb Checksums-Sha256: 689df26f6fd53243df680d581bebc688bb6fbabb318f1520702a502162f11073 1796 otrs2_5.0.20-1.dsc 1dfebd86dc55c7e125593e0bb5307a74217f15e23469fead66e2a4f6e00e27e5 20638821 otrs2_5.0.20.orig.tar.bz2 13a7d5aa0ad90a81fdd50299d085ade3c86ffd4250dc9daa2704a5eb5892851e 45108 otrs2_5.0.20-1.debian.tar.xz 1d2f2bf8dfe2acba58700c3ba8800a4dcab7f907ffe30da406d50281a75b8039 7395178 otrs2_5.0.20-1_all.deb 60dcdced4e73e5c8e214dbb9c232814ac8a28463d635aa48bfe551cdca2c8a02 6590 otrs2_5.0.20-1_amd64.buildinfo db0b7b3537648ef198a12402ed37eed51f81fef4dcd4533d3354a24f46a70211 218786 otrs_5.0.20-1_all.deb Files: 21395469b6756c46e8c9e2d2f3a51884 1796 non-free/web optional otrs2_5.0.20-1.dsc 8d576fb9bf5ae6a779acf360f932bf08 20638821 non-free/web optional otrs2_5.0.20.orig.tar.bz2 e5c00fdea60a29a688aee207f6c2f4bb 45108 non-free/web optional otrs2_5.0.20-1.debian.tar.xz 1d140e5ef9a182a7570355dc839195e8 7395178 non-free/web optional otrs2_5.0.20-1_all.deb 841966c6680c5b6ab7eb5e641bacb8be 6590 non-free/web optional otrs2_5.0.20-1_amd64.buildinfo a764b9713e79d7543874a2ed17648fde 218786 non-free/web optional otrs_5.0.20-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJZOQ4sAAoJEBLZsEqQy9jkWC4QAKS11I8dzM9LpkbXCB2hx+a3 d5r1x9UtPBKCURtWNHmOkOHOu9lLfMsW2fIu4yBJ1PBHfKTnt8AKqZeafEQ698kD RXqNLNLnu599kBaPqd5zyGhMG82PWXMCatCw4vDB1+i8y5YKQ28t9iE8fu4WRTO3 ApR9x44SqbQbZLwFdD7CjJM+sGkJ1LU0d3iTDwsGhTTqECZZeLPof10lCsNuQV+Y UPO4EYfJu/cY02u+PilE8O9VXwnuhCziVm47WHouh4C50E4kaGqrIRcBKTz0aofO VziXD19wsxbtwAh0WEmINBhHOYtBySwjHrWfZUzU7BLhFHe/X2WPg5nnkTNXEj0p Gz0jfta+L/H8PQHYNNdP7xhH0eRp6Rlll/T7/XtuoGKXzhHIU9+7wnemAuy91Wpv zcLTpxZ/GTfuWmxwaDnZxNTGsaVNNUGmVdzNyDZ5rCGmxLzFilJ+GiwEJisLXy73 e72DQoojQXSeyB2J7+8wOSW5A9XhfLcsXq0xY+3yeNXsE8Fya+sCwm7gk8eDnCU4 RkbH9d3HNDTo4CcPHwxYFJBB1rojF3ra973s7B9PtW1Yki5fEE+savwKL1Y31adF NH3Wef3G8fxiu/WpD+E34vhg9QpMEsJhDRuhTkcWBTJincwc1KGUWv8UkASvM9bX gIz2Z+tkdBMM+i95a44R =m1Yl -----END PGP SIGNATURE-----
