Format: 1.8
Date: Wed, 13 Dec 2017 13:11:19 +0100
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 3.3.18-1+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs       - Open Ticket Request System (OTRS 3)
 otrs2      - Open Ticket Request System
Closes: 883774
Changes:
 otrs2 (3.3.18-1+deb8u3) jessie-security; urgency=high
 .
   * Add patch 18-OSA-2017-08:
     This fixes OSA-2017-08, also known as CVE-2017-16854: An attacker who is
     logged into OTRS as a customer can use the ticket search form to disclose
     internal article information of their customer tickets.
   * Add patch 19-OSA-2017-09:
     This fixes OSA-2017-09, also known as CVE-2017-16921: An attacker who is
     logged into OTRS as an agent can manipulate form parameters and execute
     arbitrary shell commands with the permissions of the OTRS or web server
     user.
     Closes: #883774