Hi Mark, just use this patch. It's against OTRS 1.3.2 and will fix the security problem. :)
http://users.otrs.com/~me/otrs-1.3.2-OSA-2005-01-patch.diff Greetings from Germany, Martin Edenhofer ((otrs)) :: OTRS GmbH :: Europaring 4 :: D - 94315 Straubing Fon: +49 (0) 9421 56818 0 :: Fax: +49 (0) 9421 56818 18 http://www.otrs.com/ :: Communication with success! Mark D. Wallace schrieb: > Ok, I think i've found where the security changes in 1.3.2 were made. In > the release notes it states: > 1.3.3 (2005-10-20) > - (2005/10/17) added security bugfix for missing SQL quote > > And I believe the file that the changes were made in is System/DB.pm. > > I would kindly ask that any developer that worked on this verify where > the changes were made to fix the security problems with 1.3.2. We are > going to upgrade our installation eventually, but we have made a number > of customizations that will take a while to migrate, so in the meantime > we need to patch our version of 1.3.2. Thanks for your help. > > Mark > > > On Apr 12, 2007, at 5:41 PM, Mark D. Wallace wrote: > >> We are running 1.3.2 and have made many mods to the code all the way >> to the system files. The issues related to security in 1.3.2 are a top >> issue for us now. I would like to know if there is a set of patches >> that can fix this problem for OTRS 1.3.2, or are there other >> suggestions that would expedite getting our installation secure as >> soon as possible. >> >> Thanks, >> Mark Wallace _______________________________________________ OTRS mailing list: dev - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/dev To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev
