Hello community,

here is the log from the commit of package otrs for openSUSE:Factory checked in at 2019-07-23 22:36:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/otrs (Old)
 and /work/SRC/openSUSE:Factory/.otrs.new.4126 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "otrs" Tue Jul 23 22:36:08 2019 rev:65 rq:717673 version:6.0.20 Changes: -------- --- /work/SRC/openSUSE:Factory/otrs/otrs.changes 2019-07-02 15:18:23.886740556 +0200 +++ /work/SRC/openSUSE:Factory/.otrs.new.4126/otrs.changes 2019-07-23 22:36:12.958985765 +0200 @@ -1,0 +2,25 @@ +Sat Jul 20 11:26:28 UTC 2019 - ch...@computersalat.de + +- Update to 6.0.20 + https://community.otrs.com/release-notes-otrs-6-patch-level-20/ +- fix for boo#1141432 + * (CVE-2019-13458, OSA-2019-12) + Information Disclosure + An attacker who is logged into OTRS as an agent user with + appropriate permissions can leverage OTRS tags in templates in + order to disclose hashed user passwords. +- fix for boo#1141431 + * (CVE-2019-13457, OSA-2019-11) + Information Disclosure + A customer user can use the search results to disclose information + from their “company” tickets (with the same CustomerID), even when + CustomerDisableCompanyTicketAccess setting is turned on. +- fix for boo#1141430 + * (CVE-2019-12746, OSA-2019-10) + Session ID Disclosure + A user logged into OTRS as an agent might unknowingly disclose + their session ID by sharing the link of an embedded ticket article + with third parties. This identifier can be then potentially abused + in order to impersonate the agent user. + +------------------------------------------------------------------- Old: ---- itsm-6.0.19.tar.bz2 otrs-6.0.19.tar.bz2 New: ---- itsm-6.0.20.tar.bz2 otrs-6.0.20.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ otrs.spec ++++++ --- /var/tmp/diff_new_pack.qGNHT2/_old 2019-07-23 22:36:14.982985347 +0200 +++ /var/tmp/diff_new_pack.qGNHT2/_new 2019-07-23 22:36:15.002985343 +0200 
@@ -23,8 +23,8 @@ Name: otrs -%define otrs_ver 6.0.19 -%define itsm_ver 6.0.19 +%define otrs_ver 6.0.20 +%define itsm_ver 6.0.20 %define itsm_min 6 %define otrs_root /srv/%{name} %define otrsdoc_dir_files AUTHORS* CHANGES* COPYING* CREDITS README* UPGRADING.SUSE doc ++++++ itsm-6.0.19.tar.bz2 -> itsm-6.0.20.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/otrs/itsm-6.0.19.tar.bz2 /work/SRC/openSUSE:Factory/.otrs.new.4126/itsm-6.0.20.tar.bz2 differ: char 11, line 1 ++++++ otrs-6.0.19.tar.bz2 -> otrs-6.0.20.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/otrs/otrs-6.0.19.tar.bz2 /work/SRC/openSUSE:Factory/.otrs.new.4126/otrs-6.0.20.tar.bz2 differ: char 11, line 1
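Review bot: in the otrs.changes hunk, the new entry documents only "Update to 6.0.20" with the OTRS release-notes link, while the same commit also moves itsm_ver and the ITSM tarball from 6.0.19 to 6.0.20. Suggest adding a line such as "- Update ITSM bundle to 6.0.20" so the changelog covers both sources. Separately, the CVE-2019-13457 entry carries typographic quotes around “company” copied from the advisory; plain ASCII quotes keep the .changes file consistent with the rest of the entry.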
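Review bot: in the otrs.spec hunk, the otrs_ver and itsm_ver bump replaces both source tarballs, and the mail records them only as "differ: char 11, line 1", so nothing visible here shows that otrs-6.0.20.tar.bz2 and itsm-6.0.20.tar.bz2 match what upstream published. Since this update is the vehicle for three CVE fixes, suggest stating in the request how the tarballs were obtained and checking them against upstream's published checksums or signatures before accepting.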