Bug#340352: otrs: Multiple SQL injection and Cross-Site-Scripting vulnerabilities
Hi Martin, Martin Schulze wrote: +- SoryBy = 'Age', # Owner|CustomerID|State|Ticket|Queue|Priority|Age ++ SortBy = 'Age', # Owner|CustomerID|State|Ticket|Queue|Priority|Age Could you... err... explain the change? I have obviously missed that change. I do not have time to recheck the package now, sorry. Regards, Torsten begin:vcard fn:Torsten Werner n:Werner;Torsten email;internet:[EMAIL PROTECTED] x-mozilla-html:FALSE url:http://www.twerner42.de/ version:2.1 end:vcard
Bug#340352: otrs: Multiple SQL injection and Cross-Site-Scripting vulnerabilities
Moritz Muehlenhoff wrote: What's the status of an update for stable? I have provide a fix over 2 months ago but I did not hear anything from the security team. Regards, Torsten begin:vcard fn:Torsten Werner n:Werner;Torsten email;internet:[EMAIL PROTECTED] x-mozilla-html:FALSE url:http://www.twerner42.de/ version:2.1 end:vcard
Bug#340352: otrs: Multiple SQL injection and Cross-Site-Scripting vulnerabilities
Torsten Werner wrote: Moritz Muehlenhoff wrote: What's the status of an update for stable? I have provide a fix over 2 months ago but I did not hear anything from the security team. Hmm. I only find my complaints but no response from you. However, the packages on master are better now. However^2, I accidently found: +- SoryBy = 'Age', # Owner|CustomerID|State|Ticket|Queue|Priority|Age ++ SortBy = 'Age', # Owner|CustomerID|State|Ticket|Queue|Priority|Age Could you... err... explain the change? I'll accept the package nevertheless, though, since it's only this and the last hunk of the changelog change. Regards, Joey -- Life is too short to run proprietary software. -- Bdale Garbee Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#340352: otrs: Multiple SQL injection and Cross-Site-Scripting vulnerabilities
Torsten Werner wrote: OTRS is vulnerable to several SQL injection and Cross-Site-Scripting vulnerabilities. Please see here for more information: http://otrs.org/advisory/OSA-2005-01-en/ http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt The new upstream version 1.3.3 fixes all these problems. I know that already. The upstream author is preparing a patch for 1.3.2-01. What's the status of an update for stable? Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#340352: otrs: Multiple SQL injection and Cross-Site-Scripting vulnerabilities
Package: otrs Severity: grave Tags: security Justification: user security hole OTRS is vulnerable to several SQL injection and Cross-Site-Scripting vulnerabilities. Please see here for more information: http://otrs.org/advisory/OSA-2005-01-en/ http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt The new upstream version 1.3.3 fixes all these problems. Cheers, Moritz -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-2-686 Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#340352: otrs: Multiple SQL injection and Cross-Site-Scripting vulnerabilities
Moritz Muehlenhoff schrieb: OTRS is vulnerable to several SQL injection and Cross-Site-Scripting vulnerabilities. Please see here for more information: http://otrs.org/advisory/OSA-2005-01-en/ http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt The new upstream version 1.3.3 fixes all these problems. I know that already. The upstream author is preparing a patch for 1.3.2-01. Regards, Torsten -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]