Debian Package Tracker

From: Patrick Matthäi <pmatthaei@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted otrs2 5.0.16-1+deb9u3 (source all) into proposed-updates->stable-new, proposed-updates
Date: Fri, 24 Nov 2017 11:02:07 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 22 Nov 2017 15:16:23 +0100
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 5.0.16-1+deb9u3
Distribution: stretch-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs       - Open Ticket Request System (OTRS 5)
 otrs2      - Open Ticket Request System
Closes: 882370
Changes:
 otrs2 (5.0.16-1+deb9u3) stretch-security; urgency=high
 .
   * Add patch 17-CVE-2017-16664:
     This fixes OSA-2017-07, also known as CVE-2017-16664: An attacker who is
     logged into OTRS as an agent can request special URLs from OTRS which can
     lead to the execution of shell commands with the permissions of the web
     server user.
     Closes: #882370
Checksums-Sha1:
 302bea080cc1a77886e2b4ecd627f382d2bdfde8 1838 otrs2_5.0.16-1+deb9u3.dsc
 898049f899bd8859fa2c17df1bc4ec2bc13c614c 49600 otrs2_5.0.16-1+deb9u3.debian.tar.xz
 7c17549665d3808200bfc3107800b17f8255d89c 7052652 otrs2_5.0.16-1+deb9u3_all.deb
 b4fc5e5e50c747594e3bc73fe7a106e4a1571168 7244 otrs2_5.0.16-1+deb9u3_amd64.buildinfo
 97da148da8d1b6fe7db6004b827618ca6b17fe27 213116 otrs_5.0.16-1+deb9u3_all.deb
Checksums-Sha256:
 9effda6496f6f98f42a43a0b4eeaf458d6e4f1b9e185e8e036d830e50a7131b3 1838 otrs2_5.0.16-1+deb9u3.dsc
 12a56d047f3c6c41adf7dc4469bf8b18e415dfef39da0106fef32acd9fdcebb5 49600 otrs2_5.0.16-1+deb9u3.debian.tar.xz
 ec18c5f49bd863233908048b7f87aed061bba727e57130875ab9789b1d709be4 7052652 otrs2_5.0.16-1+deb9u3_all.deb
 02a5ec25cbbc41417510c05437222c84151d03c06abaed7ef75db7ab17ea268a 7244 otrs2_5.0.16-1+deb9u3_amd64.buildinfo
 e3ae8c205d8c7e848f1d85bae41e82b79b04b6e44a467c5593fb5993badd2764 213116 otrs_5.0.16-1+deb9u3_all.deb
Files:
 e4879549dcfb7d821484cee9e206a827 1838 non-free/web optional otrs2_5.0.16-1+deb9u3.dsc
 412cee7efd05a7c7b78a9e9e4dcc1122 49600 non-free/web optional otrs2_5.0.16-1+deb9u3.debian.tar.xz
 afcc90c2acb9e20840c4cc0ee64373f4 7052652 non-free/web optional otrs2_5.0.16-1+deb9u3_all.deb
 7858e3e3ae32418b719d757077baf0ca 7244 non-free/web optional otrs2_5.0.16-1+deb9u3_amd64.buildinfo
 0abb3bb7c1d2ce9ea18328413aa413a0 213116 non-free/web optional otrs_5.0.16-1+deb9u3_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAloVlZ8ACgkQEtmwSpDL
2OQRShAAgnxySc+3sB+FNWllsu9vX+NbfYyBLzwbLMxF+mFFXS+iem/Aa/UJ0Pk2
zRHNQZXB42nxljseL2KLRhgz4E4Lgh89NJ6ev69Ls+OXVJvmhUh6bFzEK5t1Feat
R2QOJXtp8gjnOs6+vVh/DEjAb8TKdYop6WdJJprob4/BjuLpEd5hAD1PkYHNgC/F
Xt+w4y6/1+AaZXqIjVfUp7w/XYibRHlBJF+BO3zqvo0U+GCEJ+ZUSwkrZ1mUAGru
d4uX+07ctY/wid4IlDZNisbhzhzvmMRTaJXBEjgjCQ9yJe6hmHHwqS/F/r7V3eLq
Bv0SDGhjiBpdK3LCNZlN7SJf2H74MQTNZfD17quaRDeo3RXnkMLw0/zZujtxFJ9w
kF2O3WZMbLRbHLf/0JXrUemC+PTJUiOo7lk2Mm/NA4oZ+LCfoJ1akL0HMP5mH5+r
OKM06pq9OnAjgWHhm643ggY7LpkahhEJFeoPHBb/5rIdgPBuBNd5d8W9gxwzHqON
1kreEcUDTlKdRL4Y/hkMcRv5lDiDLbfNWRpu2clbKPT0YegXUfMbrCQxfFjRkYh2
akCLW6ev3Mg9P6HSMYfuTIrm9vLqqtciuQPazOQ4AfAeLsHHP9nwqDWHzsZQlSkH
eu6ppHQo0Xk0gqsvd4oW2VEpVlfBIQUs7BSOsm+QUDUVhW5YT3A=
=x7af
-----END PGP SIGNATURE-----
News for package otrs2
