-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 08 Nov 2017 10:41:38 +0100 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 5.0.23-1~bpo9+1 Distribution: stretch-backports Urgency: high Maintainer: Patrick Matthäi <pmatthaei@debian.org> Changed-By: Patrick Matthäi <pmatthaei@debian.org> Description: otrs - Open Ticket Request System (OTRS 5) otrs2 - Open Ticket Request System Closes: 876462 Changes: otrs2 (5.0.23-1~bpo9+1) stretch-backports; urgency=medium . * Rebuild for stretch-backports. . otrs2 (5.0.23-1) unstable; urgency=high . * New upstream release. - This fixes OSA-2017-04, also known as CVE-2017-14635: An attacker who is logged into OTRS as an agent with write permissions for statistics can inject arbitrary code into the system. This can lead to serious problems like privilege escalation, data loss, and denial of service. Closes: #876462 - Refresh patch 07-otrs-business-check. - Refresh patch 09-disable-DashboardProductNotify. - Refresh patch 11-do-not-test-file-writes. - Refresh patch 14-font-paths. * Bump Standards-Version to 4.1.0 (no changes required). . otrs2 (5.0.22-1) unstable; urgency=medium . * New upstream release. * Merge 5.0.21-1~bpo9+1 changelog. * Add dependency on libmodule-refresh-perl. * Bump debian/compat to level 10. * Override embedded-javascript-library lintian warnings. The libraries are not replaceable with the Debian versions. Checksums-Sha1: 149db0b0715d6f71846cbe34d3948ad5b9c46575 1839 otrs2_5.0.23-1~bpo9+1.dsc 3bf7973acea1871d54dc7950203543b801747c29 20617459 otrs2_5.0.23.orig.tar.bz2 810978a28601a63d84a2bbe38403dff566612aff 45456 otrs2_5.0.23-1~bpo9+1.debian.tar.xz ed56c03c1cb31581c3a734f87590d7f8707b58a8 7423398 otrs2_5.0.23-1~bpo9+1_all.deb 06b2ce0ec32d2ceb90621c3d2fd0b0a8038f4333 7244 otrs2_5.0.23-1~bpo9+1_amd64.buildinfo 8ed692f8ce5557f74c7fba09d89720348666642d 221344 otrs_5.0.23-1~bpo9+1_all.deb Checksums-Sha256: 09cb4d02cc49db6a6f1ba2cf6f24376f4b5776dcb203b4352f472ce397476790 1839 otrs2_5.0.23-1~bpo9+1.dsc 5e12affbccde0cae5738de1d0c7334e655b4c373ea668913ec54f31564b128c4 20617459 otrs2_5.0.23.orig.tar.bz2 3ecc680ed81c5500b94332b5516daf2f3c31827a9da932378ed9832732074104 45456 otrs2_5.0.23-1~bpo9+1.debian.tar.xz 27140008f622eea61d3d9f322e667788da6f40d60552ec077f3e784391c4795a 7423398 otrs2_5.0.23-1~bpo9+1_all.deb cab9c9df8294184f263cc8a37f66a57e112126b135eeeced90b8d8c77fe23110 7244 otrs2_5.0.23-1~bpo9+1_amd64.buildinfo d2efc8858ac3ec4d06b0dbf9bc9dee82f21eb3dff22af879d57d32e77c63fec6 221344 otrs_5.0.23-1~bpo9+1_all.deb Files: 1784a039f0a78d1cfd5540af90d7eeda 1839 non-free/web optional otrs2_5.0.23-1~bpo9+1.dsc 28ab33486648dd4f6f994429636d9c27 20617459 non-free/web optional otrs2_5.0.23.orig.tar.bz2 55c21e6d90a23fe68914f39bc2f3cb8c 45456 non-free/web optional otrs2_5.0.23-1~bpo9+1.debian.tar.xz ac88a874c0e97a43fc04f042014672cc 7423398 non-free/web optional otrs2_5.0.23-1~bpo9+1_all.deb e91c6143d0019e6f33bff9c99036e3c2 7244 non-free/web optional otrs2_5.0.23-1~bpo9+1_amd64.buildinfo ca887c2f2b8cf6f9620e17a96216023f 221344 non-free/web optional otrs_5.0.23-1~bpo9+1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAloC120ACgkQEtmwSpDL 2ORdAQ/+NJsf8T44FC9XZP4fA4WrLIHh+w85kcmnJ6mmSfBbghN36dvjBjDu44MJ 1Wlhy5Ibtx9Gg8eA4y1Do+GNB7oxzLZe/UFU/XBU2wlGlmlbMEe8pbgs2zZrlnk/ WMUeLE39kNGbHZc1qMClPxaNYVNVbKqPbi0IlOLWgsbO/up8lysCqAmK2I8K02Vk QHJHsrT6YFOw8AFwj3EqY2rGwhU1G5raMHjSc4EaBRbRC2N/h97eyuep0wFeZ3au YY2V9QDviFfP5S/L2DbqUz6SD8StxqsJOBZfLnjnLsG7zXvX7df1eWYFkakbqEPc 7jeys3BIBCFGwW8zMfoXg3Uoazfkj5urUYddqRvqSaNtUtZa1PbqRkJFJoT8WK5S mg9FaSevvS8KJjSql7+CT26YAQ9qKtf+vjvT/hYZ1ceUnQL2Jk+ptcBMftsoxQnk gQ71U5sKe+VDNGFoZGDlT1r00f6728HVNlLwoNVBJD7DqLETXFZ8s/2HvgM7emPS 0DbkdQFKyQAolBOoNOxcu03oJ+SjFeOGxjukRFuQJp2l4MA9NTN1mJNHZSjWkIyq o+t5yPDEHAzxSaXnG4KCUDzWyDlNKPfJLPGVVA/fcNZX6/Zd/M/+EqoEnZmbsc9Y E179kYEIR1wfBsXmMl31505hZ3goK1BiY2eYFkSn1xwVRxIeGF4= =vCWA -----END PGP SIGNATURE-----
