Your message dated Fri, 21 Sep 2018 15:33:47 +0000
with message-id <[email protected]>
and subject line Bug#909160: fixed in otrs2 6.0.11-1
has caused the Debian Bug report #909160,
regarding Outdated example for otrs.SetPermissions.pl in README.Debian
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
909160: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909160
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: otrs2
Version: 6.0.10-1
Dear Maintainer,
the otrs2 packages 5.0.16-1+deb9u5 and 6.0.10-1 currently provides the
following example for the otrs.SetPermissions.pl script within
/usr/share/doc/otrs2/README.Debian:
---
/usr/share/otrs/bin/otrs.SetPermissions.pl --otrs-user=otrs
--otrs-group=www-data --web-user=www-data --web-group=www-data
/usr/share/otrs/
---
I currently don't have a 6.0.10 installation at hand but running that
command on a 5.0.16-1+deb9u5 installation is showing those messages:
---
Unknown option: otrs-group
Unknown option: web-user
---
Running the otrs.SetPermisions.pl --help shows the following output:
---
bin/otrs.SetPermissions.pl - set OTRS file permissions
Copyright (C) 2001-2014 OTRS AG, http://otrs.com
Usage: otrs.SetPermissions.pl
--web-group=<WEB_GROUP> # web server group ('www',
'www-data' or similar)
[--otrs-user=<OTRS_USER>] # OTRS user, defaults to 'otrs'
[--admin-group=<ADMIN_GROUP>] # admin group, defaults to 'root'
[--skip-article-dir] # Skip var/article as it might take
too long on some systems.
[--skip-regex="..."] # Add another skip regex like
"^/var/my/directory".
# Paths start with / but are
relative to the OTRS directory.
# --skip-regex can be specified
multiple times.
[--dry-run] # only report, don't change
[--help]
Example: otrs.SetPermissions.pl --web-group=www-data
---
--- End Message ---
--- Begin Message ---
Source: otrs2
Source-Version: 6.0.11-1
We believe that the bug you reported is fixed in the latest version of
otrs2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Matthäi <[email protected]> (supplier of updated otrs2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 21 Sep 2018 16:21:29 +0200
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 6.0.11-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <[email protected]>
Changed-By: Patrick Matthäi <[email protected]>
Description:
otrs - Open Ticket Request System (OTRS 6)
otrs2 - Open Ticket Request System
Closes: 909160
Changes:
otrs2 (6.0.11-1) unstable; urgency=high
.
* New upstream release.
- Fixes CVE-2018-16586, also known as OSA-2018-04: An attacker could send a
malicious email to an OTRS system. If a user with admin permissions opens
it, it causes deletions of arbitrary files that the OTRS web server user
has write access to.
* Bump Standards-Version to 4.2.1.
* Correct outdated SetPermissions example in README.Debian.
Closes: #909160
Checksums-Sha1:
3efb3d30749c6ec8bc17cdb4fee30b9434b81e63 1796 otrs2_6.0.11-1.dsc
2f084df2964855c7acfd0f334bf23f0150917964 24514117 otrs2_6.0.11.orig.tar.bz2
05a5af2358c3d51c1d72ebb162a4c2aa5d64b01a 28904 otrs2_6.0.11-1.debian.tar.xz
e5e17cdfe5af004fadc4e65d3ec0d09af131dc1a 9551172 otrs2_6.0.11-1_all.deb
0855cb4b57228d076e614341385c4f4f5b2eba8a 6418 otrs2_6.0.11-1_amd64.buildinfo
591c36da72b19b5e1317710f189bf1c7441f982a 245168 otrs_6.0.11-1_all.deb
Checksums-Sha256:
2c417048b1169ec9065dd530d36b6f8f0385fbea5bb200759d606a55ff1d33d8 1796
otrs2_6.0.11-1.dsc
459a4ad1c91ff58cd967799a6f5a2dd966514ba333e38cbe4ea688a43ab567de 24514117
otrs2_6.0.11.orig.tar.bz2
279e41b826791fea1c6eb191e380040679554d3700c8565497bf70865eb684d9 28904
otrs2_6.0.11-1.debian.tar.xz
81bedbc865a8cd5a468c8670fd08fe3f719af6feb2a4d92ba6586fabc2016220 9551172
otrs2_6.0.11-1_all.deb
f37a14307ec64f064d0a4de6f22e47da1caf3bf90c16511f62f6fc50b4d56c2f 6418
otrs2_6.0.11-1_amd64.buildinfo
cb3477e1dc1e08a0f742c4a1796407279de07c989440f894d5d7701eb48c049a 245168
otrs_6.0.11-1_all.deb
Files:
a98aea2df00a1414cec774b45bd5c51d 1796 non-free/web optional otrs2_6.0.11-1.dsc
db1ec748e1eee3284244a68497b3bbf5 24514117 non-free/web optional
otrs2_6.0.11.orig.tar.bz2
c33d9a2588dd9938df8b35c71c5f183c 28904 non-free/web optional
otrs2_6.0.11-1.debian.tar.xz
83f09a0fe2ddf662668a08ca0c3bfdba 9551172 non-free/web optional
otrs2_6.0.11-1_all.deb
86f4fc98a7b3da25705287f63dac2cd6 6418 non-free/web optional
otrs2_6.0.11-1_amd64.buildinfo
8ea9818cc4bc138cad8eebefcbabc960 245168 non-free/web optional
otrs_6.0.11-1_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAluk//QACgkQEtmwSpDL
2OTR/Q/+PqzouJj/nPRLfwwXr6CIdGP16bRmjMFAiqRaFJ8+O/OA7aeREhZuQrY+
6JIrFhgWxcLB6zYYVrKMJIcqySIubtMYaGD74FfUiIwF8qmFXAXW3rIwb1+HS7Rp
uqCJakZjGlk9cnnrj3U9WzNyACdhYkpDzDlLYEF98NA1y9neEyS9koB0NO1RRois
pUARCAXSWtQT9bs+XYgTw7urNLUbDpGIEAxE7aioqBBC0770a63dbFDiYZ2u5Cpz
m3owLXGqWKaXokO3fOUjlmrTlotbKv/+ER/4OTDb9uxeNKqrwhkAKs2tzej3o6vL
KzPdMVaFfNJqgOH+yDMoETpgBxAgFu2lI6kIHJMO72EQkmnwjGd0qz5lqzzyFA8S
52ftabylDHfmPhZPTqe6qhgDn8lVq1xfhKfvLBf476g2t2E5/rPlIuaKVF0g+WmJ
3vq5bo3eKBC84oSOl7Flbsj9m921MrEWVu7i7/psAxIjA9zk5JFdcBagv/c+19bV
ZpJSQtDidREhvjmu8W8rFDoty8v3+tNLyPAn928r/dT6f5AIol/e4HVyv9o8YKlV
zj3fPzL0qK27m+hkq5QCdeOjRPECX88VvQ3HYXdY7FqLAh1OFj1ynG5Lwh6j07/i
Y1lYuCxYOD2talB7M3pVft3LTYneJcaaZ2HHXqnKVJrtMIKn5mw=
=H2mY
-----END PGP SIGNATURE-----
--- End Message ---
