-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 07 Jun 2017 11:17:23 +0200 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 3.3.9-3+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Patrick Matthäi <pmatthaei@debian.org> Changed-By: Patrick Matthäi <pmatthaei@debian.org> Description: otrs - Open Ticket Request System (OTRS 3) otrs2 - Open Ticket Request System Closes: 864319 Changes: otrs2 (3.3.9-3+deb8u1) jessie-security; urgency=high . * Add patch 17-CVE-2017-9324: This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with agent permission is capable by opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. Closes: #864319 Checksums-Sha1: 9d73ea0fcd46c5b1059d3f99a4db6a1c71e765ec 1799 otrs2_3.3.9-3+deb8u1.dsc f699a67446def027f044bb55425eaab8f124ed2a 20457443 otrs2_3.3.9.orig.tar.bz2 03aaf53adabcd728a7b2a283a803ac4384670ced 45292 otrs2_3.3.9-3+deb8u1.debian.tar.xz 666ab7678f685d09b8f119dbcbd1ecc3867d35ce 5666094 otrs2_3.3.9-3+deb8u1_all.deb 9c6ca6b8da1b4659451f6c9d0dd8ff5e8e93e2c4 184044 otrs_3.3.9-3+deb8u1_all.deb Checksums-Sha256: 3a2a5d2ed5e5a3eb8e668f09741039a1c7dfe2d86f18ce7d672ed00a2f931f5a 1799 otrs2_3.3.9-3+deb8u1.dsc feb22e5a760b17d8d856c9adb348d453996454eee8c5bfa66a54202e90ce3803 20457443 otrs2_3.3.9.orig.tar.bz2 2c12b687221ecaa9fa61da4f39d298696a9e57d14253614b42e440417e459cef 45292 otrs2_3.3.9-3+deb8u1.debian.tar.xz 0f14b1205db0c4e3575a55e0a1c62ed5b46c049a14f4c418f0671c912d366fe0 5666094 otrs2_3.3.9-3+deb8u1_all.deb c02bb85a0c1a8acaf0ff025935e2b1b7dead61726c140371de1fde1c5bed960b 184044 otrs_3.3.9-3+deb8u1_all.deb Files: ec0135c212a0d13284721a7a1b291c16 1799 web optional otrs2_3.3.9-3+deb8u1.dsc 93f3139e573dce3d592719f3d1562ea7 20457443 web optional otrs2_3.3.9.orig.tar.bz2 24ecc2ee96dfce9e9df132fbacbfc0a0 45292 web optional otrs2_3.3.9-3+deb8u1.debian.tar.xz 13d608451e83901d3ff6eb28dee2e0b9 5666094 web optional otrs2_3.3.9-3+deb8u1_all.deb e256cd2766acbe304865b00718a9921e 184044 web optional otrs_3.3.9-3+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJZOSrrAAoJEBLZsEqQy9jkLEYQAKfpL+43JHRaWOHHByp2bPsI vcmXN192EtNeS7OMUrgHQwdMf++7F6PyUw+Y22chO7x2TUN2PMY9/YN8oYdCuHz2 rPHwsr9KegSLtZeZQOHX48fh470MV44vI2VDawVXpIjzx9l+xJuh5hApRzxjn8kh 3DxRvYidvSEAdE9ab1vR/HHmrii2uBdMldX8Zxi8yJ+Y/h2UQw+A3HNcdmunW5Ob Sadxq226gUHBkHA0NAeVmY3PCw+KWTZnU3GugFDJCcoUoHxSkW0AQ6Cl/uYnFC8p E1rluLAMOFNAL6WDbZLudQvo3wolk/3We44DBkFQ4uTsLHKea8Oygf/BofxbWJ3W jJYavbV6BEHXg/UVaGvXLzuzmguNTxtTQrQy8IGhv31DpBWQJdvfmAwp/lECECiX YOxbF4TVc9bgIIoufZ/cDLWZM6DxKsw+xVZjcwWP5MBLwVBGsFZTV7iYQfJpjmOI VOiJNG/6oiaSCWTBotCKzZ9mcle0SP3F0mIPbPF39ZJTMEVDPpbDHtxoFNAwUnU2 2U4eyKU6wsn8tJP6fFbMwp1m5loXTIac9eSteLeGbunSrYEfLqPVBWa/oI3U1+5k fUd5HdclY16ZFE2POUAMDtBUM9nYNy8tYqJH+/1uCLrrLgO7MFeU8GoihhqxEM6Z /tJYWhhDIV+FzXKCi+sB =UI1z -----END PGP SIGNATURE-----
