Bug#945251: otrs2: CVE-2019-18179 CVE-2019-18180

2019-11-22 Thread Patrick Matthäi
block #945251 by #945004
thanks

Am 21.11.2019 um 22:44 schrieb Salvatore Bonaccorso:
> Source: otrs2
> Version: 6.0.23-2
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> Hi,
>
> The following vulnerabilities were published for otrs2
>
> CVE-2019-18179[0] and CVE-2019-18180[1].
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2019-18179
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18179
> 
> https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
> [1] https://security-tracker.debian.org/tracker/CVE-2019-18180
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18180
> 
> https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore

Hi,

current otrs releases require an additional module, where I filled a RFP
for.

You are free to do new uploads (upstream releases, nmu etc), since I am
on vac now

-- 
/*
Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: http://www.linux-dev.org/
E-Mail: pmatth...@debian.org
patr...@linux-dev.org
*/



Bug#945251: otrs2: CVE-2019-18179 CVE-2019-18180

2019-11-21 Thread Salvatore Bonaccorso
Source: otrs2
Version: 6.0.23-2
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerabilities were published for otrs2

CVE-2019-18179[0] and CVE-2019-18180[1].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-18179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18179

https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
[1] https://security-tracker.debian.org/tracker/CVE-2019-18180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18180

https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore