-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 27 Dec 2019 10:51:52 +0100
Source: otrs2
Architecture: source
Version: 6.0.24-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <pmatth...@debian.org>
Changed-By: Patrick Matthäi <pmatth...@debian.org>
Closes: 945251
Changes:
otrs2 (6.0.24-1) unstable; urgency=high
.
* New upstream release.
- Fixes CVE-2019-18179, also known as OSA-2019-14: An attacker who is
logged
into OTRS as an agent is able to list tickets assigned to other agents,
which are in the queue where attacker doesn’t have permissions.
- Fixes CVE-2019-18180, also known as OSA-2019-15: OTRS can be put into an
endless loop by providing filenames with overly long extensions. This
applies to the PostMaster (sending in email) and also upload (attaching
files to mails, for example).
Closes: #945251
* Add dependency on package libcpan-audit-perl.
* Use the new debhelper-compat notation, and drop the d/compat file.
Checksums-Sha1:
0895760238be4c5f6b7f4bacbe622ed8a73ed1d5 1817 otrs2_6.0.24-1.dsc
ad90df5cec9ee59d3e6a32e542b7957f95adcaa9 25547206 otrs2_6.0.24.orig.tar.bz2
797f243fcc63b66259da0b1965c5e3dfefb9343e 30372 otrs2_6.0.24-1.debian.tar.xz
635df4d5673d7fd55b50ea0545582ba403fc09e6 5608 otrs2_6.0.24-1_source.buildinfo
Checksums-Sha256:
6c53b95c209df8b21e9b466ee773f0cc2f84f5c42b5c29ece27cc2cb53776e6d 1817
otrs2_6.0.24-1.dsc
c5c1486fa3090b5fe4293f710cb4a19905b1b52f0eecb6de4063be6fac9012e2 25547206
otrs2_6.0.24.orig.tar.bz2
6e3ff079b620bd7e23d304165650e0c588da6e9fe05dac0c4cb6629b51ceb21f 30372
otrs2_6.0.24-1.debian.tar.xz
23b1bfa868683dcc4b0f1d01507b8fa63ba9fcdaa123c1d65214f3e0d71a2993 5608
otrs2_6.0.24-1_source.buildinfo
Files:
3e85cb3820609f57206e15d5d7e86e51 1817 non-free/web optional otrs2_6.0.24-1.dsc
ca1e79f82db15889ff4ace75e56a9897 25547206 non-free/web optional
otrs2_6.0.24.orig.tar.bz2
fc0e843d6f18659d50591f9b350a34bb 30372 non-free/web optional
otrs2_6.0.24-1.debian.tar.xz
834afdc6f4d8b31998236a79b3bfd1c2 5608 non-free/web optional
otrs2_6.0.24-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAl4F1TEACgkQEtmwSpDL
2OQiFg/9EWILVoJsHpFkmpVcH9P4UrjXthj297w2c+HGqNRSlC0HgYHqbVtvGTxl
6DZSHICS7HXpg1RBLmu2MfwCP70+2ob1gsq4g3zP0mGVIWVunU+xGbrjzGST+Osc
sKOu1++R1zRC9le6kLyabb6cTQNXuCxqGpWbITs7D8PUW0RsMqjvaVJq1yacNmk5
4OnRl09lkwhvc4VUvwI/Jf0TB0m184T5BFt4s0rLYRQiDLx6jJZiYbAIeXYnmbr0
DURYiRQ17tUuR2qpNqSd/A+mfCpz5tgpNvbiXQ5lmNyKXoapxbzMWpwKg5HPp+4G
myq2gR7VsX1lDaM4/gG3yO6RDAxcvtYnXYk9wpkkDRFp4yo5GbVZCxwIXWJryxR3
t+uUgtrq3nRjKdlEZOK4sty4W6s4EbNxJcFVvlyZPDVYo0qgmHHzwi9Cvx4/sI4z
IYsseWMU+m0zB81YWHFV7E0Go9JIz0IEplCEO0n6IZgOlqA5AAjom82wbjr3CDzE
nW07K/AGSmd7JlG2CNdc+pdnZDIoNhXhb4tKnX4w8jBDlYRaSJFbMxn0Pjfh2ggt
cHoKsJB7j73GlEiPhxkh5bHejnv7bQNQMSbNkxbUeVHNNdUasjL8F+shpugj8xqP
TOd7ptmps9lR3dgBkn7WYA71sqx1+AxNJRq/gBXibJkYKW2EQvw=
=E6Xx
-----END PGP SIGNATURE-----
