Am Thu, Aug 05, 2021 at 09:19:14AM +0000 schrieb Debian FTP Masters: > Source: otrs2 > Source-Version: 6.0.32-6 > Done: Patrick Matthäi <pmatth...@debian.org> > > We believe that the bug you reported is fixed in the latest version of > otrs2, which is due to be installed in the Debian FTP archive. > > A summary of the changes between this version and the previous one is > attached. > > Thank you for reporting the bug, which will now be closed. If you > have further comments please address them to 991...@bugs.debian.org, > and the maintainer will reopen the bug report if appropriate. > > Debian distribution maintenance software > pp. > Patrick Matthäi <pmatth...@debian.org> (supplier of updated otrs2 package) > > (This message was generated automatically at their request; if you > believe that there is a problem with it please contact the archive > administrators by mailing ftpmas...@ftp-master.debian.org) > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Format: 1.8 > Date: Thu, 05 Aug 2021 10:37:30 +0200 > Source: otrs2 > Architecture: source > Version: 6.0.32-6 > Distribution: unstable > Urgency: high > Maintainer: Patrick Matthäi <pmatth...@debian.org> > Changed-By: Patrick Matthäi <pmatth...@debian.org> > Closes: 991593 > Changes: > otrs2 (6.0.32-6) unstable; urgency=high > . > * Add upstream patches to fix CVE-2021-36091, CVE-2021-21440 and > CVE-2021-21443. > Closes: #991593
Hi Patrick, what about CVE-2021-36092, does that need to be split off to a separate bug or is znuny as packaged in Debian not affected? Cheers, Moritz