Format: 1.8
Date: Fri, 12 Oct 2018 13:45:33 +0200
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 5.0.16-1+deb9u6
Distribution: stretch-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 otrs - Open Ticket Request System (OTRS 5)
 otrs2 - Open Ticket Request System
Changes:
 otrs2 (5.0.16-1+deb9u6) stretch-security; urgency=high
 .
   * Add patch 21-OSA-2018-03:
     This fixes OSA-2018-03, also known as CVE-2018-14593: An attacker who is
     logged into OTRS as a user may escalate their privileges by accessing a
     specially crafted URL.
   * Add patch 22-OSA-2018-04:
     This fixes OSA-2018-04, also known as CVE-2018-16587: An attacker could
     send a malicious email to an OTRS system. If a user with admin permissions
     opens it, it causes deletions of arbitrary files that the OTRS web server
     user has write access to.
   * Add patch 23-OSA-2018-05:
     This fixes OSA-2018-05, also known as CVE-2018-16586: An attacker could
     send a malicious email to an OTRS system. If a logged in user opens it, the
     email could cause the browser to load external image or CSS resources.