Your message dated Fri, 27 Dec 2019 10:26:45 +0000 with message-id <e1ikmpr-0007hu...@fasolo.debian.org> and subject line Bug#945251: fixed in otrs2 6.0.24-1 has caused the Debian Bug report #945251, regarding otrs2: CVE-2019-18179 CVE-2019-18180 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 945251: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945251 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: otrs2 Version: 6.0.23-2 Severity: grave Tags: security upstream Justification: user security hole Hi, The following vulnerabilities were published for otrs2 CVE-2019-18179[0] and CVE-2019-18180[1]. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-18179 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18179 https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/ [1] https://security-tracker.debian.org/tracker/CVE-2019-18180 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18180 https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: otrs2 Source-Version: 6.0.24-1 We believe that the bug you reported is fixed in the latest version of otrs2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 945...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Patrick Matthäi <pmatth...@debian.org> (supplier of updated otrs2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 27 Dec 2019 10:51:52 +0100 Source: otrs2 Architecture: source Version: 6.0.24-1 Distribution: unstable Urgency: high Maintainer: Patrick Matthäi <pmatth...@debian.org> Changed-By: Patrick Matthäi <pmatth...@debian.org> Closes: 945251 Changes: otrs2 (6.0.24-1) unstable; urgency=high . * New upstream release. - Fixes CVE-2019-18179, also known as OSA-2019-14: An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, which are in the queue where attacker doesn’t have permissions. - Fixes CVE-2019-18180, also known as OSA-2019-15: OTRS can be put into an endless loop by providing filenames with overly long extensions. This applies to the PostMaster (sending in email) and also upload (attaching files to mails, for example). Closes: #945251 * Add dependency on package libcpan-audit-perl. * Use the new debhelper-compat notation, and drop the d/compat file. Checksums-Sha1: 0895760238be4c5f6b7f4bacbe622ed8a73ed1d5 1817 otrs2_6.0.24-1.dsc ad90df5cec9ee59d3e6a32e542b7957f95adcaa9 25547206 otrs2_6.0.24.orig.tar.bz2 797f243fcc63b66259da0b1965c5e3dfefb9343e 30372 otrs2_6.0.24-1.debian.tar.xz 635df4d5673d7fd55b50ea0545582ba403fc09e6 5608 otrs2_6.0.24-1_source.buildinfo Checksums-Sha256: 6c53b95c209df8b21e9b466ee773f0cc2f84f5c42b5c29ece27cc2cb53776e6d 1817 otrs2_6.0.24-1.dsc c5c1486fa3090b5fe4293f710cb4a19905b1b52f0eecb6de4063be6fac9012e2 25547206 otrs2_6.0.24.orig.tar.bz2 6e3ff079b620bd7e23d304165650e0c588da6e9fe05dac0c4cb6629b51ceb21f 30372 otrs2_6.0.24-1.debian.tar.xz 23b1bfa868683dcc4b0f1d01507b8fa63ba9fcdaa123c1d65214f3e0d71a2993 5608 otrs2_6.0.24-1_source.buildinfo Files: 3e85cb3820609f57206e15d5d7e86e51 1817 non-free/web optional otrs2_6.0.24-1.dsc ca1e79f82db15889ff4ace75e56a9897 25547206 non-free/web optional otrs2_6.0.24.orig.tar.bz2 fc0e843d6f18659d50591f9b350a34bb 30372 non-free/web optional otrs2_6.0.24-1.debian.tar.xz 834afdc6f4d8b31998236a79b3bfd1c2 5608 non-free/web optional otrs2_6.0.24-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAl4F1TEACgkQEtmwSpDL 2OQiFg/9EWILVoJsHpFkmpVcH9P4UrjXthj297w2c+HGqNRSlC0HgYHqbVtvGTxl 6DZSHICS7HXpg1RBLmu2MfwCP70+2ob1gsq4g3zP0mGVIWVunU+xGbrjzGST+Osc sKOu1++R1zRC9le6kLyabb6cTQNXuCxqGpWbITs7D8PUW0RsMqjvaVJq1yacNmk5 4OnRl09lkwhvc4VUvwI/Jf0TB0m184T5BFt4s0rLYRQiDLx6jJZiYbAIeXYnmbr0 DURYiRQ17tUuR2qpNqSd/A+mfCpz5tgpNvbiXQ5lmNyKXoapxbzMWpwKg5HPp+4G myq2gR7VsX1lDaM4/gG3yO6RDAxcvtYnXYk9wpkkDRFp4yo5GbVZCxwIXWJryxR3 t+uUgtrq3nRjKdlEZOK4sty4W6s4EbNxJcFVvlyZPDVYo0qgmHHzwi9Cvx4/sI4z IYsseWMU+m0zB81YWHFV7E0Go9JIz0IEplCEO0n6IZgOlqA5AAjom82wbjr3CDzE nW07K/AGSmd7JlG2CNdc+pdnZDIoNhXhb4tKnX4w8jBDlYRaSJFbMxn0Pjfh2ggt cHoKsJB7j73GlEiPhxkh5bHejnv7bQNQMSbNkxbUeVHNNdUasjL8F+shpugj8xqP TOd7ptmps9lR3dgBkn7WYA71sqx1+AxNJRq/gBXibJkYKW2EQvw= =E6Xx -----END PGP SIGNATURE-----
--- End Message ---
