Change log for otrs2 package in Ubuntu

150 of 141 results
Deleted in kinetic-release (Reason: (From Debian) [auto-cruft] obsolete source package)
Deleted in kinetic-proposed (Reason: Moved to kinetic)
otrs2 (6.3.2-1) unstable; urgency=medium

  * New upstream release.
  * Adjust lintian overrides.
  * Rename XS-Autobuild to just Autobuild.

 -- Patrick Matthäi <email address hidden>  Thu, 21 Apr 2022 14:02:59 +0200

Available diffs

Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
otrs2 (6.2.2-2) unstable; urgency=medium

  * Execute migration scripts for version 6.2.2.

 -- Patrick Matthäi <email address hidden>  Fri, 17 Dec 2021 09:40:39 +0100

Available diffs

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
otrs2 (6.2.1-1) unstable; urgency=medium

  * New upstream release.
    - Adjust installed files.
  * Adjust debian/watch URL.
  * Adjust lintian overrides.

 -- Patrick Matthäi <email address hidden>  Fri, 29 Oct 2021 11:44:38 +0200

Available diffs

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
otrs2 (6.1.2-1) unstable; urgency=high

  * New upstream release.
    - Fixes CVE-2021-36096 and CVE-2021-36094.
      Closes: #993846
    - Add 6.1.1 database upgrade scripts.
    - Remove patch 02-deactivate-cron-migrate.
    - Add new dependency libtext-diff-formattedhtml-perl.
  * Drop otrs meta package.
  * Remove deprecated database upgrade scripts.
  * Adjust lintian overrides.
  * Use which for test statement in postrm.

 -- Patrick Matthäi <email address hidden>  Thu, 14 Oct 2021 15:46:42 +0200

Available diffs

Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
otrs2 (6.0.32-6) unstable; urgency=high

  * Add upstream patches to fix CVE-2021-36091, CVE-2021-21440 and
    CVE-2021-21443.
    Closes: #991593

 -- Patrick Matthäi <email address hidden>  Thu, 05 Aug 2021 10:37:30 +0200

Available diffs

Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
otrs2 (6.0.32-5) unstable; urgency=high

  * Add upstream patch 14-ZSA-2021-03: There is a denial of service issue, when
    a mail with a special crafted url is received. This can lead to a maxout of
    the available server-CPU(s) and can reduce the quality of service or even
    bring the system to a halt. This addresses CVE-2021-21439.
    Closes: #989992
  * Add upstream patch 15-ZSA-2021-06: There is a XSS vulnerability in the
    ticket overviews, which can used to extract all kind of information just
    by having a e-mail shown in an overview. An attacker can send a prepared
    e-mail to the system to trigger the attack. This addresses CVE-2021-21441.
    Closes: #989992

 -- Patrick Matthäi <email address hidden>  Fri, 18 Jun 2021 15:10:23 +0200

Available diffs

Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
otrs2 (6.0.32-4) unstable; urgency=high

  * Add upstream patch to update jquery-validate from version 1.16.0 to 1.19.3.
    This fixes CVE-2021-21252.
    Closes: #980891

 -- Patrick Matthäi <email address hidden>  Wed, 05 May 2021 10:36:52 +0200

Available diffs

Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
otrs2 (6.0.32-2) unstable; urgency=medium

  * Uploading to unstable.

 -- Patrick Matthäi <email address hidden>  Tue, 02 Mar 2021 20:08:29 +0100

Available diffs

Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
otrs2 (6.0.30-2) unstable; urgency=medium

  * Bump Standards-Version to 4.5.1.
  * Update debian/watch file standard to version 4.
  * Adjust lintian overrides.

 -- Patrick Matthäi <email address hidden>  Thu, 19 Nov 2020 14:59:19 +0100

Available diffs

Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
otrs2 (6.0.30-1) unstable; urgency=high

  * New upstream release.
    - Fixes CVE-2020-11023 and CVE-2020-11022, also known as OSA-2020-14: OTRS
      uses jquery version 3.4.1, which is vulnerable to cross-site scripting
      (XSS).
  * Adjust lintian overrides.

 -- Patrick Matthäi <email address hidden>  Mon, 12 Oct 2020 10:31:12 +0200

Available diffs

Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
otrs2 (6.0.29-1) unstable; urgency=high

  * New upstream release.
    - Fixes CVE-2020-1776, also known as OSA-2020-13: When an agent user is
      renamed or set to invalid the session belonging to the user is kept
      active. The session can not be used to access ticket data in the case the
      agent is invalid.
  * Add missing dependency on libmoo-perl.
  * Adjust many lintian overrides.
  * Replace shebangs with /usr/bin/perl.
  * Don't install examples anymore.

 -- Patrick Matthäi <email address hidden>  Tue, 21 Jul 2020 10:25:01 +0200

Available diffs

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
otrs2 (6.0.28-2) unstable; urgency=medium

  * Replace old ttf-dejavu dependencies with fonts-dejavu-extra and adjust the
    paths to the fonts.
    Closes: #961390

 -- Patrick Matthäi <email address hidden>  Tue, 02 Jun 2020 10:07:56 +0200

Available diffs

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
otrs2 (6.0.28-1) unstable; urgency=high

  * New upstream release.
    - Fixes CVE-2020-1774, also known as OSA-2020-11: When user downloads PGP or
      S/MIME keys/certificates, exported file has same name for private and
      public keys. Therefore it’s possible to mix them and to send private key
      to the third-party instead of public key.
      Closes: #959448
  * Add new dependency libmath-random-secure-perl.
  * Upgrade to debhelper-compat 13.

 -- Patrick Matthäi <email address hidden>  Mon, 04 May 2020 13:32:51 +0200

Available diffs

Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
otrs2 (6.0.27-1) unstable; urgency=high

  * New upstream release.
    - Fixes CVE-2020-1773, also known as OSA-2020-10: It is possible that an
      authenticated user guess other session IDs based on its own. Also it is
      possible to guess a password reset token or an automated password
      generated.

 -- Patrick Matthäi <email address hidden>  Tue, 31 Mar 2020 10:46:34 +0200

Available diffs

Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
otrs2 (6.0.26-1) unstable; urgency=high

  * New upstream release.
    - Fixes CVE-2019-11358, also known as OSA-2020-05: OTRS use jquery version
      3.2.1, which is vulnerable to the prototype pollution attack.

 -- Patrick Matthäi <email address hidden>  Fri, 07 Feb 2020 15:27:15 +0100

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
otrs2 (6.0.25-3) unstable; urgency=high

  * New version with pre-built binaries.

 -- Patrick Matthäi <email address hidden>  Fri, 31 Jan 2020 09:20:15 +0100

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
otrs2 (6.0.25-2) unstable; urgency=medium

  * Adjust lintian overrides.
  * Bump Standards-Version to 4.5.0.

 -- Patrick Matthäi <email address hidden>  Thu, 23 Jan 2020 16:33:10 +0100

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
otrs2 (6.0.25-1) unstable; urgency=high

  * New upstream release.
    - Fixes CVE-2020-1767, also known as OSA-2020-03: Agent A is able to save a
      draft (i.e. for customer reply). Then Agent B can open the draft, change
      the text completely and send it in the name of Agent A. For the customer
      it will not be visible that the message was sent by another agent.

 -- Patrick Matthäi <email address hidden>  Mon, 20 Jan 2020 11:21:00 +0100

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
otrs2 (6.0.24-1) unstable; urgency=high

  * New upstream release.
    - Fixes CVE-2019-18179, also known as OSA-2019-14: An attacker who is logged
      into OTRS as an agent is able to list tickets assigned to other agents,
      which are in the queue where attacker doesn’t have permissions.
    - Fixes CVE-2019-18180, also known as OSA-2019-15: OTRS can be put into an
      endless loop by providing filenames with overly long extensions. This
      applies to the PostMaster (sending in email) and also upload (attaching
      files to mails, for example).
      Closes: #945251
  * Add dependency on package libcpan-audit-perl.
  * Use the new debhelper-compat notation, and drop the d/compat file.

 -- Patrick Matthäi <email address hidden>  Fri, 27 Dec 2019 10:51:52 +0100

Available diffs

Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
otrs2 (6.0.23-2) unstable; urgency=medium

  * Build binary packages.

 -- Patrick Matthäi <email address hidden>  Fri, 11 Oct 2019 10:20:09 +0200

Available diffs

Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
otrs2 (6.0.20-1) unstable; urgency=medium

  * New upstream release.
  * Bump Standards-Version to 4.4.0.

 -- Patrick Matthäi <email address hidden>  Fri, 12 Jul 2019 10:13:22 +0200

Available diffs

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
otrs2 (6.0.19-1) unstable; urgency=medium

  * New upstream release.
    - Fixes OSA-2019-08, also known as CVE-2019-12248: An attacker could send a
      malicious email to an OTRS system. If a logged in agent user quotes it,
      the email could cause the browser to load external image resources.
    - Fixes OSA-2019-09, also known as CVE-2019-12497: In the customer or
      external frontend, personal information of agents can be disclosed like
      name and mail address in external notes.
  * Merge 6.0.16-2 changelog.

 -- Patrick Matthäi <email address hidden>  Thu, 06 Jun 2019 10:45:46 +0200

Available diffs

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
otrs2 (6.0.18-1) unstable; urgency=high

  * New upstream release.
    - Fixes OSA-2019-06, also known as CVE-2019-10066: An attacker who is logged
      into OTRS as an agent with appropriate permissions may create a carefully
      crafted calendar appointment in order to cause execution of JavaScript in
      the context of OTRS.
    - Fixes OSA-2019-05, also known as CVE-2019-10067: An attacker who is logged
      into OTRS as an agent user with appropriate permissions may manipulate the
      URL to cause execution of JavaScript in the context of OTRS.
    - Fixes OSA-2019-04, also known as CVE-2019-9892: An attacker who is logged
      into OTRS as an agent user with appropriate permissions may try to import
      carefully crafted Report Statistics XML that will result in reading of
      arbitrary files of OTRS filesystem.

 -- Patrick Matthäi <email address hidden>  Fri, 26 Apr 2019 11:00:38 +0200

Available diffs

Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
otrs2 (6.0.17-1) unstable; urgency=medium

  * New upstream release.
    - Fixes OSA-2019-03: An attacker who is logged into OTRS as an admin user
      may manipulate the URL to cause execution of JavaScript in the context
      of OTRS.

 -- Patrick Matthäi <email address hidden>  Fri, 08 Mar 2019 14:49:17 +0100

Available diffs

Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
otrs2 (6.0.16-1) unstable; urgency=high

  * New upstream release.
    - This release fixes OSA-2019-01: An attacker who is logged into OTRS as an
      agent or a customer user may upload a carefully crafted resource in order
      to cause execution of JavaScript in the context of OTRS.
  * Bump debian/compat to level 12.

 -- Patrick Matthäi <email address hidden>  Fri, 18 Jan 2019 13:16:27 +0100

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
otrs2 (6.0.15-1) unstable; urgency=medium

  * New upstream release.
  * Bump Standards-Version to 4.3.0.

 -- Patrick Matthäi <email address hidden>  Thu, 27 Dec 2018 11:59:21 +0100

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
otrs2 (6.0.14-1) unstable; urgency=high

  * New upstream release.
    - Fixes OSA-2018-10: Users updating to OTRS 6.0.13 (also patchlevel updates)
      or 5.0.31 (only major updates) will experience data loss in their agent
      preferences table.

 -- Patrick Matthäi <email address hidden>  Thu, 15 Nov 2018 11:15:54 +0100

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
otrs2 (6.0.13-1) unstable; urgency=high

  * New upstream release.
    - Fixes OSA-2018-07: An attacker who is logged into OTRS as a user may
      manipulate the submission form to cause deletion of arbitrary files that
      the OTRS web server user has write access to.
    - Fixes OSA-2018-08: An attacker who is logged into OTRS as an admin user
      may manipulate the URL to cause execution of JavaScript in the context of
      OTRS.
    - Fixes OSA-2018-09: An attacker who is logged into OTRS as an admin user
      may manipulate the URL to cause execution of JavaScript in the context of
      OTRS.
  * Correct instructions to use the package manager.
    Closes: #909160
  * Merge 6.0.12-1~bpo9+1 and 5.0.16-1+deb9u6 changelog.

 -- Patrick Matthäi <email address hidden>  Fri, 09 Nov 2018 10:22:44 +0100

Available diffs

Superseded in disco-release
Deleted in disco-proposed (Reason: moved to release)
otrs2 (6.0.12-1) unstable; urgency=high

  * New upstream release.
    - Fixes CVE-2018-17883, also known as OSA-2018-06: An attacker could send
      an email with a malicious link to an OTRS system or an agent. If a logged
      in agent opens this link, it could cause the execution of JavaScript in
      the context of OTRS.
  * Add XS-Autobuild yes to debian/control.
  * Adjust lintian overrides.
  * Correct 6.0.11-1 changelog about the fixed CVEs.
  * Merge 6.0.11-1~bpo9+1 changelog.
  * Remove extra documentation files.

 -- Patrick Matthäi <email address hidden>  Tue, 09 Oct 2018 12:00:19 +0200

Available diffs

Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
otrs2 (6.0.11-1) unstable; urgency=high

  * New upstream release.
    - Fixes CVE-2018-16586, also known as OSA-2018-04: An attacker could send a
      malicious email to an OTRS system. If a user with admin permissions opens
      it, it causes deletions of arbitrary files that the OTRS web server user
      has write access to.
  * Bump Standards-Version to 4.2.1.
  * Correct outdated SetPermissions example in README.Debian.
    Closes: #909160

 -- Patrick Matthäi <email address hidden>  Fri, 21 Sep 2018 16:21:29 +0200

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
otrs2 (6.0.10-1) unstable; urgency=medium

  * New upstream release.
  * Merge 6.0.9-1~bpo9+1 changelog.

 -- Patrick Matthäi <email address hidden>  Tue, 31 Jul 2018 10:31:17 +0200

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
otrs2 (6.0.9-1) unstable; urgency=medium

  * New upstream release.
  * Do not run the database upgrade script in non-interactive mode, because
    a working database upgrade requires some questions and answers about the
    used timezone.
  * Correct Backups directory permissions before calling setup_database.
  * Bump Standards-Version to 4.1.5.
  * Adjust lintian overrides.
  * Add non-free disclaimer to debian/copyright.

 -- Patrick Matthäi <email address hidden>  Thu, 26 Jul 2018 14:46:46 +0200

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
otrs2 (6.0.8-1) unstable; urgency=medium

  * New upstream release.

 -- Patrick Matthäi <email address hidden>  Tue, 12 Jun 2018 10:59:58 +0200

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
otrs2 (6.0.7-1) unstable; urgency=medium

  * New upstream release.
  * Use new libsisimai-perl Debian package.
    Closes: #887514
  * Bump Standards-Version to 4.1.4.
  * OTRS 6.x is compatible with GPG2.
    Closes: #890544

 -- Patrick Matthäi <email address hidden>  Mon, 07 May 2018 16:35:31 +0200

Available diffs

Superseded in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
otrs2 (6.0.6-1) unstable; urgency=medium

  * New upstream release.
  * Correct renamed lintian tag.
  * Move lintian-overrides file to source directory.

 -- Patrick Matthäi <email address hidden>  Thu, 15 Mar 2018 15:38:44 +0100

Available diffs

Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
otrs2 (6.0.5-1) unstable; urgency=medium

  * New upstream release.
    - Rewrite patch 03-backup.

 -- Patrick Matthäi <email address hidden>  Thu, 15 Feb 2018 10:36:17 +0100

Available diffs

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
otrs2 (6.0.4-1) unstable; urgency=medium

  * New upstream release.
  * Add dependency on libclass-accessor-lite-perl.
    Closes: #887518
  * Bump Standards-Version to 4.1.3 (no changes required).
  * Bump debian/compat to level 11.
  * Temporary install Sisimai Perl module to work around #887514 until this
    module is packaged.
  * Adjust otrs2.docs installation.
  * Adjust lintian overrides.

 -- Patrick Matthäi <email address hidden>  Wed, 24 Jan 2018 14:49:12 +0100

Available diffs

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
otrs2 (6.0.3-1) unstable; urgency=high

  * New upstream release.
    - This fixes OSA-2017-10, also known as CVE-2017-17476: A session hijacking
      vulnerability.
      Closes: #884801
  * Merge 3.3.18-1+deb8u3, 3.3.18-1+deb8u4, 5.0.16-1+deb9u4 and 5.0.16-1+deb9u5
    changelog.
  * Bump Standards-Version to 4.1.2 (no changes required).

 -- Patrick Matthäi <email address hidden>  Wed, 20 Dec 2017 09:25:55 +0100

Available diffs

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
otrs2 (6.0.2-1) unstable; urgency=high

  * New upstream release.
    - This release fixes OSA-2017-08, also known as CVE-2017-16854.
    - Refresh patch 06-no-installer.
  * Merge 5.0.16-1+deb9u4 changelog.

 -- Patrick Matthäi <email address hidden>  Thu, 07 Dec 2017 14:05:54 +0100

Available diffs

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
otrs2 (6.0.1-1) unstable; urgency=low

  * New upstream release.
    - Remove patch 02-dbupdate-as-root.
    - Rewrite patch 03-backup.
    - Rewrite patch 04-opt.
    - Rewrite patch 06-no-installer.
    - Rewrite patch 07-otrs-business-check.
    - Rewrite patch 09-disable-DashboardProductNotify.
    - Rewrite patch 11-do-not-test-file-writes.
    - Rewrite patch 12-font-paths.
    - Remove now useless empty directories for SQL upgrade scripts.
    - Add new dependencies libcrypt-ssleay-perl, libxml-simple-perl,
      libxml-libxml-simple-perl and libdatetime-perl.
  * Merge 5.0.24-1~bpo9+1 changelog.
  * Rename patch 14-font-paths to 12-font-paths.
  * Do not use yui-compressor anymore.
  * Remove deprecated otrs2.maintscript.
  * Remove deprecated MySQL upgrade notice from README.Debian.
  * Remove deprecated replaces and breaks from debian/control.
  * Adjust fonts-font-awesome paths.
  * Adjust debian/copyright.
  * Adjust source-contains-prebuilt-javascript-object lintian overrides.
  * Remove deprecated database scripts and install new 6.0 ones.
  * Add patch 02-deactivate-cron-migrate to disable the automatic cronjob
    migration on upgrading from version 5.
  * Kill otrs.Daemon processes on purge before trying to delete the user.
  * Reorder packaging.
  * Add new Config/Backups directory.

 -- Patrick Matthäi <email address hidden>  Fri, 01 Dec 2017 11:43:12 +0100

Available diffs

Obsolete in zesty-updates
Obsolete in zesty-security
otrs2 (5.0.16-1+deb9u3build0.17.04.1) zesty-security; urgency=medium

  * fake sync from Debian

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
otrs2 (5.0.24-1) unstable; urgency=high

  * New upstream release.
    - This fixes OSA-2017-07, also known as CVE-2017-16664: An attacker who is
      logged into OTRS as an agent can request special URLs from OTRS which can
      lead to the execution of shell commands with the permissions of the web
      server user.
      Closes: #882370
  * Merge 3.3.18-1+deb8u1, 3.3.18-1+deb8u2, 5.0.16-1+deb9u2, 5.0.16-1+deb9u3
    and 5.0.23-1~bpo9+1 changelog.
  * Use secure URI in debian/watch and for the homepage field.
  * Bump Standards-Version to 4.1.1 (no changes required).

 -- Patrick Matthäi <email address hidden>  Wed, 22 Nov 2017 16:33:29 +0100

Available diffs

Superseded in zesty-updates
Superseded in zesty-security
otrs2 (5.0.16-1+deb9u2build0.17.04.1) zesty-security; urgency=medium

  * fake sync from Debian

Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
otrs2 (5.0.23-1) unstable; urgency=high

  * New upstream release.
    - This fixes OSA-2017-04, also known as CVE-2017-14635: An attacker who is
      logged into OTRS as an agent with write permissions for statistics can
      inject arbitrary code into the system. This can lead to serious problems
      like privilege escalation, data loss, and denial of service.
      Closes: #876462
    - Refresh patch 07-otrs-business-check.
    - Refresh patch 09-disable-DashboardProductNotify.
    - Refresh patch 11-do-not-test-file-writes.
    - Refresh patch 14-font-paths.
  * Bump Standards-Version to 4.1.0 (no changes required).

 -- Patrick Matthäi <email address hidden>  Thu, 28 Sep 2017 10:42:32 +0200

Available diffs

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
otrs2 (5.0.22-1) unstable; urgency=medium

  * New upstream release.
  * Merge 5.0.21-1~bpo9+1 changelog.
  * Add dependency on libmodule-refresh-perl.
  * Bump debian/compat to level 10.
  * Override embedded-javascript-library lintian warnings. The libraries are
    not replaceable with the Debian versions.

 -- Patrick Matthäi <email address hidden>  Wed, 02 Aug 2017 09:57:31 +0200

Available diffs

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
otrs2 (5.0.21-1) unstable; urgency=medium

  * New upstream release.
  * Bump Standards-Version to 4.0.0 (no changes required).

 -- Patrick Matthäi <email address hidden>  Tue, 18 Jul 2017 15:35:45 +0200

Available diffs

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
otrs2 (5.0.20-1) unstable; urgency=high

  * New upstream release.
    - This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with
      agent permission is capable by opening a specific URL in a browser to
      gain administrative privileges / full access. Afterward, all system
      settings can be read and changed.
      Closes: #864319
  * Remove obsolete symlink for jquery-ui.
    Closes: #864175
  * Merge 3.3.9-3+deb8u1 and 5.0.16-1+deb9u1 changelog.

 -- Patrick Matthäi <email address hidden>  Thu, 08 Jun 2017 10:39:18 +0200

Available diffs

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
otrs2 (5.0.19-1) unstable; urgency=low

  * New upstream release.
  * Uploading to unstable.

 -- Patrick Matthäi <email address hidden>  Tue, 09 May 2017 09:35:01 +0200

Available diffs

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
otrs2 (5.0.17-1) unstable; urgency=low

  * New upstream release.
  * Merge 5.0.16-1~bpo8+1 changelog.

 -- Patrick Matthäi <email address hidden>  Thu, 09 Mar 2017 14:56:10 +0100

Available diffs

Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
otrs2 (5.0.16-1) unstable; urgency=low

  * New upstream release.
    - Refresh patch 09-disable-DashboardProductNotify.
    - Refresh patch 14-font-paths.

 -- Patrick Matthäi <email address hidden>  Tue, 24 Jan 2017 12:31:59 +0100

Available diffs

150 of 141 results