Thanks Martin.

Mark
On Apr 17, 2007, at 12:46 AM, Martin Edenhofer wrote:

Hi Mark,

just use this patch. It's against OTRS 1.3.2 and will fix the security
problem. :)

http://users.otrs.com/~me/otrs-1.3.2-OSA-2005-01-patch.diff

Greetings from Germany,

  Martin Edenhofer

((otrs)) :: OTRS GmbH :: Europaring 4 :: D - 94315 Straubing
  Fon: +49 (0) 9421 56818 0 :: Fax: +49 (0) 9421 56818 18
    http://www.otrs.com/ :: Communication with success!


Mark D. Wallace schrieb:
Ok, I think I've found where the security changes in 1.3.2 were made. In
the release notes it states:
    1.3.3 (2005-10-20)
 - (2005/10/17) added security bugfix for missing SQL quote

And I believe the file that the changes were made in is System/DB.pm.

I would kindly ask that any developer that worked on this verify where
the changes were made to fix the security problems with 1.3.2. We are
going to upgrade our installation eventually, but we have made a number
of customizations that will take a while to migrate, so in the meantime
we need to patch our version of 1.3.2. Thanks for your help.

Mark


On Apr 12, 2007, at 5:41 PM, Mark D. Wallace wrote:

We are running 1.3.2 and have made many mods to the code all the way to
the system files. The issues related to security in 1.3.2 are a top
issue for us now. I would like to know if there is a set of patches
that can fix this problem for OTRS 1.3.2, or are there other
suggestions that would expedite getting our installation secure as
soon as possible.

Thanks,
Mark Wallace


_______________________________________________
OTRS mailing list: dev - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/dev
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev
