Format: 1.8
Date: Sat, 30 Sep 2017 20:35:02 +0200
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.3.18-1~deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 otrs - Open Ticket Request System (OTRS 3)
 otrs2 - Open Ticket Request System
Closes: 876462
Changes:
 otrs2 (3.3.18-1~deb7u1) wheezy-security; urgency=high
 .
   [ Patrick Matthäi ]
   * New upstream release.
     - Refresh patches 03-backup, 04-opt, 05-database, 06-no-installer,
       09-disable-DashboardProductNotify,
       10-nice-packagemanager-permissions-message,
       12-use-debian-libjs-packages, 13-load-debian-libjs, 14-font-paths and
       15-dbupdate-as-root.
     - This fixes OSA-2017-04, also known as CVE-2017-14635: An attacker who is
       logged into OTRS as an agent with write permissions for statistics can
       inject arbitrary code into the system. This can lead to serious problems
       like privilege escalation, data loss, and denial of service.
       Closes: #876462
 .
   [ Markus Koschany ]
   * Use embedded awesome fonts and jquery-ui because there are no equivalent
     Debian packages available in Wheezy.
   * This update also fixes: CVE-2014-1695, CVE-2014-2553, CVE-2014-2554.
   * Update README.Debian and explain how to fix the maintenance mode message.