-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 19 Dec 2017 10:56:05 +0100 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 5.0.16-1+deb9u5 Distribution: stretch-security Urgency: high Maintainer: Patrick Matthäi <pmatthaei@debian.org> Changed-By: Patrick Matthäi <pmatthaei@debian.org> Description: otrs - Open Ticket Request System (OTRS 5) otrs2 - Open Ticket Request System Changes: otrs2 (5.0.16-1+deb9u5) stretch-security; urgency=high . * Add patch 20-OSA-2017-10: This fixes OSA-2017-10: An attacker can send a specially prepared email to an OTRS system. If this system has cookie support disabled, and a logged in agent clicks a link in this email, the session information could be leaked to external systems, allowing the attacker to take over the agent’s session. Checksums-Sha1: 73b616b059b33f1884949b7684fba5d1b3a0ecf2 1838 otrs2_5.0.16-1+deb9u5.dsc a5cc986229cad287ca37eed86dccaa87fc91cf1f 52536 otrs2_5.0.16-1+deb9u5.debian.tar.xz 740088335612419e5026849aff4194a078c6844a 7053374 otrs2_5.0.16-1+deb9u5_all.deb 06cbf2def038d6145d44ec2b398236e6478cb4d6 7279 otrs2_5.0.16-1+deb9u5_amd64.buildinfo 9723265c3ecf03bc6ebaf4ef236cbe12e63cc87d 213366 otrs_5.0.16-1+deb9u5_all.deb Checksums-Sha256: 090df54e4bbdc318f060b9a08c25f1ad854d842d5c7d9d5f4e953c8f89287311 1838 otrs2_5.0.16-1+deb9u5.dsc 886a2bee29a6dd33b908ccf058824030d6e55e07ef15673911ba73bca60dcfaf 52536 otrs2_5.0.16-1+deb9u5.debian.tar.xz 5bf897596ecacf63ea746805f9615f897533ece292b5227e3d1101ea06b3297b 7053374 otrs2_5.0.16-1+deb9u5_all.deb 0ae229c6c4d0cec793fa3ef1ad192c6ae5d7ef9ae61c4aaee03208e2b84bca30 7279 otrs2_5.0.16-1+deb9u5_amd64.buildinfo a64c3fb238d18cd647286777108291db6ebc76a8451032b35eec92032c78ca6b 213366 otrs_5.0.16-1+deb9u5_all.deb Files: 819cef99e1e01d20f61eb537a6361cbe 1838 non-free/web optional otrs2_5.0.16-1+deb9u5.dsc 3fb7e12a0187f46cd075a13cad439057 52536 non-free/web optional otrs2_5.0.16-1+deb9u5.debian.tar.xz b86fd91322b9b20e0c63af700c04c2c9 7053374 non-free/web optional otrs2_5.0.16-1+deb9u5_all.deb e58433600fc6c27ad12dffb2d8c76213 7279 non-free/web optional otrs2_5.0.16-1+deb9u5_amd64.buildinfo c44a669088541ea7c19c95fb823cbd0d 213366 non-free/web optional otrs_5.0.16-1+deb9u5_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAlo6HV4ACgkQEtmwSpDL 2OSK5Q//REk2gS8ZwlRUmiKYlmV7PCA86rJOuOP90WS6+X0gbAF8YFXCeKQDQ4wz 24x6rb4r9d6QQWmoEkSWoESVxiI3MOpxhs+0MEd67SBa2eld/4WiStP81Jkh3M7Q 1Bi/vRnvimDuw7gYnix0BaV06ggsC1MKRawr3e488pEDgsYWQanlFuhoMfEtAgKg RxLy9mgkGOyUun11fMSRxqLaAbci/E5PGIJSVauMq2e8T30yHlFMv3Nl4pJIQkYH 5cezTOX0VA8H/ZNHp9OINXDjjutBNlmKai1khVJdRm/BF7ibAWZDJp1TMzY+RjU7 aaCOO0Qdc8HrZQNy9jmwK0+Yn8OsOG9AaFmpU+pgHOAb19wEKdyWFLW069hYHiGp L69aid24ffFqmK3FU2/+OxFUJmQgyGWivWPqfCxCwVIzle7bMobR3zvumG3xN5+p 6KkNRe0rJlUCd0oyjH0rhDEF85draek8PvIajC8eEHO1aYdaepYcQMyCZ8Q+khUf BmBMhlkTwhwTsZgduvIaL2soCGaccjV7oGrdAd/FyiMMiVQcg6y9Paxvv2b0pEFB xDIjWdV33oLoIy6hEecfRjFz5gMWs+JnN5WEB7YcA7uYi5ygsyTdZdCRM+xOH74B oDCNxtbWMGNbqhCb0+rGNf5z+/3yX0DYldBtQzUNmqoyq6vIPFU= =Z84x -----END PGP SIGNATURE-----