Your message dated Fri, 27 Dec 2019 10:26:45 +0000
with message-id <e1ikmpr-0007hu...@fasolo.debian.org>
and subject line Bug#945251: fixed in otrs2 6.0.24-1
has caused the Debian Bug report #945251,
regarding otrs2: CVE-2019-18179 CVE-2019-18180
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
945251: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945251
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: otrs2
Version: 6.0.23-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerabilities were published for otrs2

CVE-2019-18179[0] and CVE-2019-18180[1].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-18179
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18179
    https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
[1] https://security-tracker.debian.org/tracker/CVE-2019-18180
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18180
    https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: otrs2
Source-Version: 6.0.24-1

We believe that the bug you reported is fixed in the latest version of
otrs2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 945...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Patrick Matthäi <pmatth...@debian.org> (supplier of updated otrs2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 27 Dec 2019 10:51:52 +0100
Source: otrs2
Architecture: source
Version: 6.0.24-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <pmatth...@debian.org>
Changed-By: Patrick Matthäi <pmatth...@debian.org>
Closes: 945251
Changes:
 otrs2 (6.0.24-1) unstable; urgency=high
 .
   * New upstream release.
     - Fixes CVE-2019-18179, also known as OSA-2019-14: An attacker who is
       logged into OTRS as an agent is able to list tickets assigned to other
       agents, which are in the queue where attacker doesn’t have permissions.
     - Fixes CVE-2019-18180, also known as OSA-2019-15: OTRS can be put into an
       endless loop by providing filenames with overly long extensions. This
       applies to the PostMaster (sending in email) and also upload (attaching
       files to mails, for example).
       Closes: #945251
   * Add dependency on package libcpan-audit-perl.
   * Use the new debhelper-compat notation, and drop the d/compat file.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---