Format: 1.8
Date: Wed, 22 Nov 2017 15:03:02 +0100
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.3.18-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs - Open Ticket Request System (OTRS 3)
 otrs2 - Open Ticket Request System
Closes: 882370
Changes:
 otrs2 (3.3.18-1+deb8u2) jessie-security; urgency=high
 .
   * Add patch 16-OSA-2017-06 which fixes OSA-2017-06, also known as
     CVE-2017-15864: An attacker who is logged into OTRS as an agent can
     request special URLs from OTRS which can lead to the disclosure of any
     configuration information, including database credentials.
   * Add patch 17-OSA-2017-07 which fixes OSA-2017-07, also known as
     CVE-2017-16664: An attacker who is logged into OTRS as an agent can
     request special URLs from OTRS which can lead to the execution of shell
     commands with the permissions of the web server user.
     Closes: #882370