Your message dated Wed, 15 Feb 2006 00:02:18 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#340352: fixed in otrs 1.3.2p01-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: otrs
Severity: grave
Tags: security
Justification: user security hole
OTRS is vulnerable to several SQL injection and Cross-Site-Scripting
vulnerabilities. Please see here for more information:
http://otrs.org/advisory/OSA-2005-01-en/
http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
The new upstream version 1.3.3 fixes all these problems.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)
--- End Message ---
--- Begin Message ---
Source: otrs
Source-Version: 1.3.2p01-6
We believe that the bug you reported is fixed in the latest version of
otrs, which is due to be installed in the Debian FTP archive:
otrs-doc-de_1.3.2p01-6_all.deb
to pool/main/o/otrs/otrs-doc-de_1.3.2p01-6_all.deb
otrs-doc-en_1.3.2p01-6_all.deb
to pool/main/o/otrs/otrs-doc-en_1.3.2p01-6_all.deb
otrs_1.3.2p01-6.diff.gz
to pool/main/o/otrs/otrs_1.3.2p01-6.diff.gz
otrs_1.3.2p01-6.dsc
to pool/main/o/otrs/otrs_1.3.2p01-6.dsc
otrs_1.3.2p01-6_all.deb
to pool/main/o/otrs/otrs_1.3.2p01-6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Torsten Werner <[EMAIL PROTECTED]> (supplier of updated otrs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 30 Nov 2005 20:29:55 +0100
Source: otrs
Binary: otrs otrs-doc-de otrs-doc-en
Architecture: source all
Version: 1.3.2p01-6
Distribution: stable-security
Urgency: low
Maintainer: Torsten Werner <[EMAIL PROTECTED]>
Changed-By: Torsten Werner <[EMAIL PROTECTED]>
Description:
otrs - Open Ticket Request System
otrs-doc-de - Open Ticket Request System - German documentation
otrs-doc-en - Open Ticket Request System - English documentation
Closes: 340352
Changes:
otrs (1.3.2p01-6) stable-security; urgency=low
.
* fixes a security problem described at
http://otrs.org/advisory/OSA-2005-01-en/ and in
CVE-2005-3893 (also BID15537), CVE-2005-3895 (also BID15537),
CVE-2005-3894 (also BID15537),
it closes: #340352
Files:
0dd0acec3580502a8f9ecf061ed931de 600 web optional otrs_1.3.2p01-6.dsc
8861ace308c6f058b331fbd0e8437f0c 6639786 web optional otrs_1.3.2p01.orig.tar.gz
f94589b636198b60b76d36ce074dc04f 15917 web optional otrs_1.3.2p01-6.diff.gz
c29a6b599e31d7b5a847f2f74b658a3c 920580 web optional otrs_1.3.2p01-6_all.deb
2cd8499682e6b4a5fd3ad7472329a3da 2312748 web optional
otrs-doc-en_1.3.2p01-6_all.deb
9783133f230474fabdca9b6fa30ea1d9 3005222 web optional
otrs-doc-de_1.3.2p01-6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDjf7EfY3dicTPjsMRAuKCAJ9sT/HGzSBIDka58R7qrd8wydjyFQCeOkX3
skwo7AZ1DoSXzsivf59CDgQ=
=n98D
-----END PGP SIGNATURE-----
--- End Message ---
