-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 19 Dec 2017 10:55:46 +0100 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 3.3.18-1+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Patrick Matthäi <pmatthaei@debian.org> Changed-By: Patrick Matthäi <pmatthaei@debian.org> Description: otrs - Open Ticket Request System (OTRS 3) otrs2 - Open Ticket Request System Changes: otrs2 (3.3.18-1+deb8u4) jessie-security; urgency=high . * Add patch 20-OSA-2017-10: This fixes OSA-2017-10: An attacker can send a specially prepared email to an OTRS system. If this system has cookie support disabled, and a logged in agent clicks a link in this email, the session information could be leaked to external systems, allowing the attacker to take over the agent’s session. Checksums-Sha1: 02a694bb02cc1140819c832cc9da29f32d6507c5 1820 otrs2_3.3.18-1+deb8u4.dsc 407fba319a21ad2c8f3b1f74378ad8e3d1547397 42900 otrs2_3.3.18-1+deb8u4.debian.tar.xz 3384b926d154d27c67652f6e738a618d1ee71b85 5645070 otrs2_3.3.18-1+deb8u4_all.deb 49e1bb43dc7b0f33531f0df068826c2a685474e6 188698 otrs_3.3.18-1+deb8u4_all.deb Checksums-Sha256: 31185e07a5db18e61cc8e96c9b80c78af00cbd953da489bd40ec21608d1a2ee2 1820 otrs2_3.3.18-1+deb8u4.dsc 2033154ff356d925e444175c7cb6ccecbf97af0feac643f51149c5e33244c037 42900 otrs2_3.3.18-1+deb8u4.debian.tar.xz 54040813f2a252e29e2daf078ba87c811ea23849873e0d12a12eb2bfd4e86b7b 5645070 otrs2_3.3.18-1+deb8u4_all.deb 11e63453cb3794ddb631a8897aa54a12d03df3475f8680b580b298bbcdd03aff 188698 otrs_3.3.18-1+deb8u4_all.deb Files: 65159af8bb551041460c81ee3dea610c 1820 web optional otrs2_3.3.18-1+deb8u4.dsc 0632889bc6f789675f3c98812714051b 42900 web optional otrs2_3.3.18-1+deb8u4.debian.tar.xz 6613d20c1c1301b305694de4430f5b85 5645070 web optional otrs2_3.3.18-1+deb8u4_all.deb 959ca22b6b030b4dd3b20ad3a1b8c80f 188698 web optional otrs_3.3.18-1+deb8u4_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAlo6HV4ACgkQEtmwSpDL 2OQtDA//fPz5SpOFIqI6eCMW/y8j1tZCZiJTYw+yyYLIHszYZ9SsRR/sNttOmsTh +p0YVVfzIXcHsZmNMQN+iodX4BVCubtONYr4N/2UIYeZSVx8YkJnLBNDZYDls3oh bJo7bXQ4gE7umS/mzz7TPZ5WYNgCeLBQk9zgUUzLw+hGHXLLv2ZmEHM8oocJ5kW1 bjTOPGYEehnQtQoqDtGt+wJsa2YH7IHUOZpzbrvat1K0/uhJG42izU0e15hQ3MR5 tkwGs7ZfqIHuFvtwk7VE8vtCWXsH3Q/A4U/hQalajeiJ2Gt57g7klwyvvqmJQQnk W00qIxRnv9u+iHYQXSp7k1+ZnSr1nfktM5HEeD+Yy4qL6X3ji6+tX7rm7QIYI9/K LeFOl6H+AJ3d90CZEe74Dpdo1BSLpRpKmUh9zc6hkUI7A2k9H0IaFN/r5XQWTbk3 35qNPBp+zcVw4/RVstpjWBKgBrQUBeiitEsk5aIgSG3O5Sg0c4JvbJl1KxaQF1xs SutDUrQMA1aRImREfwz1kKjZY+td7zZg8Rwzxbkd9FjnrQIkUyBLlhTK0jwfGSJb VFQEHWfWPVfazdz4Uk9AHesxO8mtNBdkYI5TMBfgzkB1Iu7ydaa12U6pqOPc4Mng QMxpm9wq0ycYsf2rWJw7mVk9We+/Sn3PXWZVY+DrGYfppnbnZrk= =S3Bh -----END PGP SIGNATURE-----