-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 08 Jun 2017 10:29:28 +0200 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 5.0.16-1+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Patrick Matthäi <pmatthaei@debian.org> Changed-By: Patrick Matthäi <pmatthaei@debian.org> Description: otrs - Open Ticket Request System (OTRS 5) otrs2 - Open Ticket Request System Closes: 864319 Changes: otrs2 (5.0.16-1+deb9u1) stretch-security; urgency=high . * Add patch 15-CVE-2017-9324: This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with agent permission is capable by opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. Closes: #864319 Checksums-Sha1: d19268a534d845c8a16260fc6235fecc7c7d8802 1824 otrs2_5.0.16-1+deb9u1.dsc 5538c2b9138a0b6d5816ff034507dd5ce26abf8d 19417591 otrs2_5.0.16.orig.tar.bz2 8f6f3fe65eec1b84a1ea70563f8f9c8f10fc08f8 45240 otrs2_5.0.16-1+deb9u1.debian.tar.xz 45390b55957421723baef4604018eed0fac7738b 7051968 otrs2_5.0.16-1+deb9u1_all.deb 4dfc77eb815c8254e0a50560ecdff38771e5cd54 6139 otrs2_5.0.16-1+deb9u1_amd64.buildinfo 6dde1c754c5dbc52aceedf9ac2eaca69c50ae87d 212870 otrs_5.0.16-1+deb9u1_all.deb Checksums-Sha256: 99d1576447f7504fabda26d818565de78824accc6e6d875d22971add012155c4 1824 otrs2_5.0.16-1+deb9u1.dsc ddec039990c1bdfc27299ab175eff3e1665aa99ba48050f7f2dde480b28f4029 19417591 otrs2_5.0.16.orig.tar.bz2 6b0bd5ef7755e9b6f40f644dc74fd3c06355902d9f4a2b7708431235236d53d9 45240 otrs2_5.0.16-1+deb9u1.debian.tar.xz 114f365b1753eaebcc8e96a2087951b97459dd0ed1053e94680dcb36bfd59750 7051968 otrs2_5.0.16-1+deb9u1_all.deb c56d596df0fbf7433dae9d745c5ec753ab8a99dbf649da2c28cc498ce53015a9 6139 otrs2_5.0.16-1+deb9u1_amd64.buildinfo 7c86712b0b47b743f735d1d769433b8854f6cf4513add0787af539b316fbf716 212870 otrs_5.0.16-1+deb9u1_all.deb Files: 9d7699878b9831436e7d7d2b103b7dfa 1824 non-free/web optional otrs2_5.0.16-1+deb9u1.dsc 9fe21e6993bcac71247fdcaf5e1f4e55 19417591 non-free/web optional otrs2_5.0.16.orig.tar.bz2 4ef3dd0e4ad72c19f706895be5eb4d33 45240 non-free/web optional otrs2_5.0.16-1+deb9u1.debian.tar.xz f783e5c1ed7df4ec8af58f545af27638 7051968 non-free/web optional otrs2_5.0.16-1+deb9u1_all.deb 0cefdce66de561d00adcefe5768a0329 6139 non-free/web optional otrs2_5.0.16-1+deb9u1_amd64.buildinfo 80a3d6e3b32cd1ffd3e4e1d8dca12fd8 212870 non-free/web optional otrs_5.0.16-1+deb9u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJZOSrsAAoJEBLZsEqQy9jkUCgQAJW351UJIrCqIq75GaLZJfOt BB/jUiCmaCQXaOoqAW0771j+EW3WwcxYw48tWxTSWZpmeWDToMphuFddrwTaRZzH Oc/rbgcm1rgzbIfqpKH4xoDKJqpsjbr/JSuoUA7oAiP1t+H1IOX66RdiFgywiYeD AG/UmcIWU1KMqvxkVU9+cFyeCBSEWb05FVLBn9wEXt5RRNlFvVmNmRpVRrJkL8we AS8TF34ppJJEnlCmwLiW1fCXTAFwkpvDtkmbEs+SANr6jkrkF6KA1R3NOGQLBBI0 FmR50SvW++7teSpFCl40FeofHLjtvzFdI2SrwimPTV7QDRTv0pgwQQN1oj99m8Bi NkqhWev1pNjnkyOCoz1IIQqLkQyssvqj9rjVH8KxQBKAU9t5ttIx62V/I/uY/kJ0 XoWC/lTpu6ZhH4b0aREVxGZfgiValPqEa9dENBreFy3Hpkl3ynIH+knxG7KcFqy2 HUfpgYtX0Q6qH4i4I22Dh3E1+6IybQwozWgGiEDG+FjCepjmv+voy7YbQ0xZ/So1 nRv2A8WejOkPBz6B+RL4frnX7SsqzqcxQhnR0pbLbl4P16xaCMO51I0Bqvjs+59I CATHM6ScYfDl694LtuScJFGwKP6mhOyVh4yQgWVQdQtrzxJZIKwt0d12wsicU+AV Mvo+AjVhpKuisRKuPon0 =dxzv -----END PGP SIGNATURE-----
