-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 07 Oct 2019 11:48:10 +0200 Source: otrs2 Architecture: source Version: 6.0.23-1 Distribution: unstable Urgency: high Maintainer: Patrick Matthäi <pmatth...@debian.org> Changed-By: Patrick Matthäi <pmatth...@debian.org> Changes: otrs2 (6.0.23-1) unstable; urgency=high . * New upstream release. - Fixes CVE-2019-16375, also known as OSA-2019-13: An attacker who is logged into OTRS as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent compose an answer to the original article. - Refresh patch 03-backup. - Rewrite patch 04-opt. - Refresh patch 09-disable-DashboardProductNotify. - Refresh patch 11-do-not-test-file-writes. - Refresh patch 12-font-paths. * Add Rules-Requires-Root no field. * Bump Standards-Version to 4.4.1. Checksums-Sha1: 836d9d6a932078d05ba62205f87306d285bfb6b1 1811 otrs2_6.0.23-1.dsc e3baabf6b4c6105fe41aac7f522398cb166cfafb 25552289 otrs2_6.0.23.orig.tar.bz2 2f0396bf18b9b43b468318009ebb99cfe21b46a1 30116 otrs2_6.0.23-1.debian.tar.xz 3f99ec22d7ccfba62da251e0e7dfc2d148dec92d 5584 otrs2_6.0.23-1_source.buildinfo Checksums-Sha256: 4ebea4c266935af0ca8dba272e273736ab25adab64b5d2b1359bac66ac65db1c 1811 otrs2_6.0.23-1.dsc 54d4124b13e13e782d1b2c527088f84fd7476155c9abc8f3672828f7651d03c7 25552289 otrs2_6.0.23.orig.tar.bz2 8f9925d342d0d3a6be96e38b9915ed531346147e0586e57adfa8a1ec53fb565a 30116 otrs2_6.0.23-1.debian.tar.xz 8f12ec122cf38cfdfde73a6cbda230e210aae4aedf44879b2430a20278df4414 5584 otrs2_6.0.23-1_source.buildinfo Files: ec63dbec0d80b170f23f763e304a63c3 1811 non-free/web optional otrs2_6.0.23-1.dsc 98b174372a8d512e249f41314dbdd258 25552289 non-free/web optional otrs2_6.0.23.orig.tar.bz2 4f2b566f7f595f6b8223c81c839c3579 30116 non-free/web optional otrs2_6.0.23-1.debian.tar.xz 33d12c045fe31345fecd022f8a7c8432 5584 non-free/web optional otrs2_6.0.23-1_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAl2bCp8ACgkQEtmwSpDL 2OQIuBAAiTMRX7LKm6fQGDPfs7r6B3HjwW5jyagAY8s5mbsPShOXVBcwAO68uNPg Y9X3TbtpBL6/yn+8xVDedKBE6Ap8q+jKyHurj4AsekV0jrONc3GeD2MZSt+6ldYV yKVUPPnSXlMNtJf6EQ4eTeltaAZr4O3U7zQw2Kfni7c6R1MYtz75+La9Az8ivdaR 24MOIXrFrG3tX/Uq5sJqkq2Beb7mvjXcHYL66grQIgo6gxAqnNcKq1dvWYBdZgVM 4zLbPwRKuqZtsC+hgdqiEFhZPIBhlhMTMQzl0N1ud+4ket1c+DVZmWkiKUYlfjcX DmrEjH8pKkHFaP0ncZG/SNtK56C8TRe1G98zevvzpTRS2grfRyJ8O0pCflguf5nz 1+qtDozKetHl79guesxxLzSLeKNhgPEB3agSImHP+UWgwQ+i7uqBIBZ+THifbxeR H6dGJEfJIW937KhmiAMtUX8n6/qTATTKSb7nDJ+aSETWBXeCZKyXuMXAi2oahDlW jLQH7KOfHcfQdPh1EfNVMCHAWNNOHlPlfPNO7PJoex9W/obBBxdt1EFV+9ent6NG noPc6iUjFN3mcwKubEny768mV27qMYmj9V/0lZRBu3absDCx2jkcjFWiACIQli3s Cw21Y4js2+ZcEFJxkphYzp2qzx2pedJbJlPh3nK2Bj9+kIYlU74= =5HWk -----END PGP SIGNATURE-----