Change log for otrs2 package in Ubuntu
| 1 → 50 of 141 results | First • Previous • Next • Last |
| Deleted in kinetic-release (Reason: (From Debian) [auto-cruft] obsolete source package) |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
otrs2 (6.3.2-1) unstable; urgency=medium * New upstream release. * Adjust lintian overrides. * Rename XS-Autobuild to just Autobuild. -- Patrick Matthäi <email address hidden> Thu, 21 Apr 2022 14:02:59 +0200
Available diffs
- diff from 6.2.2-2 to 6.3.2-1 (27.3 MiB)
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
otrs2 (6.2.2-2) unstable; urgency=medium * Execute migration scripts for version 6.2.2. -- Patrick Matthäi <email address hidden> Fri, 17 Dec 2021 09:40:39 +0100
Available diffs
- diff from 6.2.1-1 to 6.2.2-2 (12.0 KiB)
otrs2 (6.2.1-1) unstable; urgency=medium
* New upstream release.
- Adjust installed files.
* Adjust debian/watch URL.
* Adjust lintian overrides.
-- Patrick Matthäi <email address hidden> Fri, 29 Oct 2021 11:44:38 +0200
Available diffs
- diff from 6.1.2-1 to 6.2.1-1 (883.6 KiB)
otrs2 (6.1.2-1) unstable; urgency=high
* New upstream release.
- Fixes CVE-2021-36096 and CVE-2021-36094.
Closes: #993846
- Add 6.1.1 database upgrade scripts.
- Remove patch 02-deactivate-cron-migrate.
- Add new dependency libtext-diff-formattedhtml-perl.
* Drop otrs meta package.
* Remove deprecated database upgrade scripts.
* Adjust lintian overrides.
* Use which for test statement in postrm.
-- Patrick Matthäi <email address hidden> Thu, 14 Oct 2021 15:46:42 +0200
Available diffs
- diff from 6.0.32-6 to 6.1.2-1 (1.1 MiB)
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
otrs2 (6.0.32-6) unstable; urgency=high
* Add upstream patches to fix CVE-2021-36091, CVE-2021-21440 and
CVE-2021-21443.
Closes: #991593
-- Patrick Matthäi <email address hidden> Thu, 05 Aug 2021 10:37:30 +0200
Available diffs
- diff from 6.0.32-5 to 6.0.32-6 (1.9 KiB)
otrs2 (6.0.32-5) unstable; urgency=high
* Add upstream patch 14-ZSA-2021-03: There is a denial of service issue, when
a mail with a special crafted url is received. This can lead to a maxout of
the available server-CPU(s) and can reduce the quality of service or even
bring the system to a halt. This addresses CVE-2021-21439.
Closes: #989992
* Add upstream patch 15-ZSA-2021-06: There is a XSS vulnerability in the
ticket overviews, which can used to extract all kind of information just
by having a e-mail shown in an overview. An attacker can send a prepared
e-mail to the system to trigger the attack. This addresses CVE-2021-21441.
Closes: #989992
-- Patrick Matthäi <email address hidden> Fri, 18 Jun 2021 15:10:23 +0200
Available diffs
- diff from 6.0.32-4 to 6.0.32-5 (3.5 KiB)
otrs2 (6.0.32-4) unstable; urgency=high
* Add upstream patch to update jquery-validate from version 1.16.0 to 1.19.3.
This fixes CVE-2021-21252.
Closes: #980891
-- Patrick Matthäi <email address hidden> Wed, 05 May 2021 10:36:52 +0200
Available diffs
- diff from 6.0.32-2 to 6.0.32-4 (6.9 KiB)
otrs2 (6.0.32-2) unstable; urgency=medium * Uploading to unstable. -- Patrick Matthäi <email address hidden> Tue, 02 Mar 2021 20:08:29 +0100
Available diffs
- diff from 6.0.30-2 to 6.0.32-2 (3.9 MiB)
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
otrs2 (6.0.30-2) unstable; urgency=medium * Bump Standards-Version to 4.5.1. * Update debian/watch file standard to version 4. * Adjust lintian overrides. -- Patrick Matthäi <email address hidden> Thu, 19 Nov 2020 14:59:19 +0100
Available diffs
- diff from 6.0.30-1 to 6.0.30-2 (913 bytes)
otrs2 (6.0.30-1) unstable; urgency=high
* New upstream release.
- Fixes CVE-2020-11023 and CVE-2020-11022, also known as OSA-2020-14: OTRS
uses jquery version 3.4.1, which is vulnerable to cross-site scripting
(XSS).
* Adjust lintian overrides.
-- Patrick Matthäi <email address hidden> Mon, 12 Oct 2020 10:31:12 +0200
Available diffs
- diff from 6.0.29-1 to 6.0.30-1 (461.5 KiB)
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
otrs2 (6.0.29-1) unstable; urgency=high
* New upstream release.
- Fixes CVE-2020-1776, also known as OSA-2020-13: When an agent user is
renamed or set to invalid the session belonging to the user is kept
active. The session can not be used to access ticket data in the case the
agent is invalid.
* Add missing dependency on libmoo-perl.
* Adjust many lintian overrides.
* Replace shebangs with /usr/bin/perl.
* Don't install examples anymore.
-- Patrick Matthäi <email address hidden> Tue, 21 Jul 2020 10:25:01 +0200
Available diffs
- diff from 6.0.28-2 to 6.0.29-1 (331.2 KiB)
otrs2 (6.0.28-2) unstable; urgency=medium
* Replace old ttf-dejavu dependencies with fonts-dejavu-extra and adjust the
paths to the fonts.
Closes: #961390
-- Patrick Matthäi <email address hidden> Tue, 02 Jun 2020 10:07:56 +0200
Available diffs
- diff from 6.0.28-1 to 6.0.28-2 (866 bytes)
otrs2 (6.0.28-1) unstable; urgency=high
* New upstream release.
- Fixes CVE-2020-1774, also known as OSA-2020-11: When user downloads PGP or
S/MIME keys/certificates, exported file has same name for private and
public keys. Therefore it’s possible to mix them and to send private key
to the third-party instead of public key.
Closes: #959448
* Add new dependency libmath-random-secure-perl.
* Upgrade to debhelper-compat 13.
-- Patrick Matthäi <email address hidden> Mon, 04 May 2020 13:32:51 +0200
Available diffs
- diff from 6.0.27-1 to 6.0.28-1 (2.5 MiB)
otrs2 (6.0.27-1) unstable; urgency=high
* New upstream release.
- Fixes CVE-2020-1773, also known as OSA-2020-10: It is possible that an
authenticated user guess other session IDs based on its own. Also it is
possible to guess a password reset token or an automated password
generated.
-- Patrick Matthäi <email address hidden> Tue, 31 Mar 2020 10:46:34 +0200
Available diffs
- diff from 6.0.26-1 to 6.0.27-1 (276.4 KiB)
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
otrs2 (6.0.26-1) unstable; urgency=high
* New upstream release.
- Fixes CVE-2019-11358, also known as OSA-2020-05: OTRS use jquery version
3.2.1, which is vulnerable to the prototype pollution attack.
-- Patrick Matthäi <email address hidden> Fri, 07 Feb 2020 15:27:15 +0100
Available diffs
- diff from 6.0.25-3 to 6.0.26-1 (458.7 KiB)
otrs2 (6.0.25-3) unstable; urgency=high * New version with pre-built binaries. -- Patrick Matthäi <email address hidden> Fri, 31 Jan 2020 09:20:15 +0100
Available diffs
- diff from 6.0.25-2 to 6.0.25-3 (307 bytes)
otrs2 (6.0.25-2) unstable; urgency=medium * Adjust lintian overrides. * Bump Standards-Version to 4.5.0. -- Patrick Matthäi <email address hidden> Thu, 23 Jan 2020 16:33:10 +0100
Available diffs
- diff from 6.0.25-1 to 6.0.25-2 (856 bytes)
otrs2 (6.0.25-1) unstable; urgency=high
* New upstream release.
- Fixes CVE-2020-1767, also known as OSA-2020-03: Agent A is able to save a
draft (i.e. for customer reply). Then Agent B can open the draft, change
the text completely and send it in the name of Agent A. For the customer
it will not be visible that the message was sent by another agent.
-- Patrick Matthäi <email address hidden> Mon, 20 Jan 2020 11:21:00 +0100
Available diffs
- diff from 6.0.24-1 to 6.0.25-1 (140.1 KiB)
otrs2 (6.0.24-1) unstable; urgency=high
* New upstream release.
- Fixes CVE-2019-18179, also known as OSA-2019-14: An attacker who is logged
into OTRS as an agent is able to list tickets assigned to other agents,
which are in the queue where attacker doesn’t have permissions.
- Fixes CVE-2019-18180, also known as OSA-2019-15: OTRS can be put into an
endless loop by providing filenames with overly long extensions. This
applies to the PostMaster (sending in email) and also upload (attaching
files to mails, for example).
Closes: #945251
* Add dependency on package libcpan-audit-perl.
* Use the new debhelper-compat notation, and drop the d/compat file.
-- Patrick Matthäi <email address hidden> Fri, 27 Dec 2019 10:51:52 +0100
Available diffs
- diff from 6.0.23-2 to 6.0.24-1 (81.8 KiB)
otrs2 (6.0.23-2) unstable; urgency=medium * Build binary packages. -- Patrick Matthäi <email address hidden> Fri, 11 Oct 2019 10:20:09 +0200
Available diffs
- diff from 6.0.20-1 to 6.0.23-2 (330.8 KiB)
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
otrs2 (6.0.20-1) unstable; urgency=medium * New upstream release. * Bump Standards-Version to 4.4.0. -- Patrick Matthäi <email address hidden> Fri, 12 Jul 2019 10:13:22 +0200
Available diffs
- diff from 6.0.19-1 to 6.0.20-1 (579.9 KiB)
otrs2 (6.0.19-1) unstable; urgency=medium
* New upstream release.
- Fixes OSA-2019-08, also known as CVE-2019-12248: An attacker could send a
malicious email to an OTRS system. If a logged in agent user quotes it,
the email could cause the browser to load external image resources.
- Fixes OSA-2019-09, also known as CVE-2019-12497: In the customer or
external frontend, personal information of agents can be disclosed like
name and mail address in external notes.
* Merge 6.0.16-2 changelog.
-- Patrick Matthäi <email address hidden> Thu, 06 Jun 2019 10:45:46 +0200
Available diffs
- diff from 6.0.18-1 to 6.0.19-1 (754.2 KiB)
otrs2 (6.0.18-1) unstable; urgency=high
* New upstream release.
- Fixes OSA-2019-06, also known as CVE-2019-10066: An attacker who is logged
into OTRS as an agent with appropriate permissions may create a carefully
crafted calendar appointment in order to cause execution of JavaScript in
the context of OTRS.
- Fixes OSA-2019-05, also known as CVE-2019-10067: An attacker who is logged
into OTRS as an agent user with appropriate permissions may manipulate the
URL to cause execution of JavaScript in the context of OTRS.
- Fixes OSA-2019-04, also known as CVE-2019-9892: An attacker who is logged
into OTRS as an agent user with appropriate permissions may try to import
carefully crafted Report Statistics XML that will result in reading of
arbitrary files of OTRS filesystem.
-- Patrick Matthäi <email address hidden> Fri, 26 Apr 2019 11:00:38 +0200
Available diffs
- diff from 6.0.17-1 to 6.0.18-1 (446.9 KiB)
otrs2 (6.0.17-1) unstable; urgency=medium
* New upstream release.
- Fixes OSA-2019-03: An attacker who is logged into OTRS as an admin user
may manipulate the URL to cause execution of JavaScript in the context
of OTRS.
-- Patrick Matthäi <email address hidden> Fri, 08 Mar 2019 14:49:17 +0100
Available diffs
- diff from 6.0.16-1 to 6.0.17-1 (310.8 KiB)
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
otrs2 (6.0.16-1) unstable; urgency=high
* New upstream release.
- This release fixes OSA-2019-01: An attacker who is logged into OTRS as an
agent or a customer user may upload a carefully crafted resource in order
to cause execution of JavaScript in the context of OTRS.
* Bump debian/compat to level 12.
-- Patrick Matthäi <email address hidden> Fri, 18 Jan 2019 13:16:27 +0100
Available diffs
- diff from 6.0.15-1 to 6.0.16-1 (343.8 KiB)
otrs2 (6.0.15-1) unstable; urgency=medium * New upstream release. * Bump Standards-Version to 4.3.0. -- Patrick Matthäi <email address hidden> Thu, 27 Dec 2018 11:59:21 +0100
Available diffs
- diff from 6.0.14-1 to 6.0.15-1 (392.7 KiB)
otrs2 (6.0.14-1) unstable; urgency=high
* New upstream release.
- Fixes OSA-2018-10: Users updating to OTRS 6.0.13 (also patchlevel updates)
or 5.0.31 (only major updates) will experience data loss in their agent
preferences table.
-- Patrick Matthäi <email address hidden> Thu, 15 Nov 2018 11:15:54 +0100
Available diffs
- diff from 6.0.13-1 to 6.0.14-1 (6.4 KiB)
otrs2 (6.0.13-1) unstable; urgency=high
* New upstream release.
- Fixes OSA-2018-07: An attacker who is logged into OTRS as a user may
manipulate the submission form to cause deletion of arbitrary files that
the OTRS web server user has write access to.
- Fixes OSA-2018-08: An attacker who is logged into OTRS as an admin user
may manipulate the URL to cause execution of JavaScript in the context of
OTRS.
- Fixes OSA-2018-09: An attacker who is logged into OTRS as an admin user
may manipulate the URL to cause execution of JavaScript in the context of
OTRS.
* Correct instructions to use the package manager.
Closes: #909160
* Merge 6.0.12-1~bpo9+1 and 5.0.16-1+deb9u6 changelog.
-- Patrick Matthäi <email address hidden> Fri, 09 Nov 2018 10:22:44 +0100
Available diffs
- diff from 6.0.12-1 to 6.0.13-1 (447.5 KiB)
otrs2 (6.0.12-1) unstable; urgency=high
* New upstream release.
- Fixes CVE-2018-17883, also known as OSA-2018-06: An attacker could send
an email with a malicious link to an OTRS system or an agent. If a logged
in agent opens this link, it could cause the execution of JavaScript in
the context of OTRS.
* Add XS-Autobuild yes to debian/control.
* Adjust lintian overrides.
* Correct 6.0.11-1 changelog about the fixed CVEs.
* Merge 6.0.11-1~bpo9+1 changelog.
* Remove extra documentation files.
-- Patrick Matthäi <email address hidden> Tue, 09 Oct 2018 12:00:19 +0200
Available diffs
- diff from 6.0.11-1 to 6.0.12-1 (2.3 MiB)
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
otrs2 (6.0.11-1) unstable; urgency=high
* New upstream release.
- Fixes CVE-2018-16586, also known as OSA-2018-04: An attacker could send a
malicious email to an OTRS system. If a user with admin permissions opens
it, it causes deletions of arbitrary files that the OTRS web server user
has write access to.
* Bump Standards-Version to 4.2.1.
* Correct outdated SetPermissions example in README.Debian.
Closes: #909160
-- Patrick Matthäi <email address hidden> Fri, 21 Sep 2018 16:21:29 +0200
Available diffs
- diff from 6.0.10-1 to 6.0.11-1 (382.2 KiB)
otrs2 (6.0.10-1) unstable; urgency=medium * New upstream release. * Merge 6.0.9-1~bpo9+1 changelog. -- Patrick Matthäi <email address hidden> Tue, 31 Jul 2018 10:31:17 +0200
Available diffs
- diff from 6.0.9-1 to 6.0.10-1 (37.1 KiB)
otrs2 (6.0.9-1) unstable; urgency=medium
* New upstream release.
* Do not run the database upgrade script in non-interactive mode, because
a working database upgrade requires some questions and answers about the
used timezone.
* Correct Backups directory permissions before calling setup_database.
* Bump Standards-Version to 4.1.5.
* Adjust lintian overrides.
* Add non-free disclaimer to debian/copyright.
-- Patrick Matthäi <email address hidden> Thu, 26 Jul 2018 14:46:46 +0200
Available diffs
- diff from 6.0.8-1 to 6.0.9-1 (236.2 KiB)
otrs2 (6.0.8-1) unstable; urgency=medium * New upstream release. -- Patrick Matthäi <email address hidden> Tue, 12 Jun 2018 10:59:58 +0200
Available diffs
- diff from 6.0.7-1 to 6.0.8-1 (295.0 KiB)
otrs2 (6.0.7-1) unstable; urgency=medium
* New upstream release.
* Use new libsisimai-perl Debian package.
Closes: #887514
* Bump Standards-Version to 4.1.4.
* OTRS 6.x is compatible with GPG2.
Closes: #890544
-- Patrick Matthäi <email address hidden> Mon, 07 May 2018 16:35:31 +0200
Available diffs
- diff from 6.0.6-1 to 6.0.7-1 (444.3 KiB)
otrs2 (6.0.6-1) unstable; urgency=medium * New upstream release. * Correct renamed lintian tag. * Move lintian-overrides file to source directory. -- Patrick Matthäi <email address hidden> Thu, 15 Mar 2018 15:38:44 +0100
Available diffs
- diff from 6.0.5-1 to 6.0.6-1 (288.1 KiB)
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
otrs2 (6.0.5-1) unstable; urgency=medium
* New upstream release.
- Rewrite patch 03-backup.
-- Patrick Matthäi <email address hidden> Thu, 15 Feb 2018 10:36:17 +0100
Available diffs
- diff from 6.0.4-1 to 6.0.5-1 (330.0 KiB)
otrs2 (6.0.4-1) unstable; urgency=medium
* New upstream release.
* Add dependency on libclass-accessor-lite-perl.
Closes: #887518
* Bump Standards-Version to 4.1.3 (no changes required).
* Bump debian/compat to level 11.
* Temporary install Sisimai Perl module to work around #887514 until this
module is packaged.
* Adjust otrs2.docs installation.
* Adjust lintian overrides.
-- Patrick Matthäi <email address hidden> Wed, 24 Jan 2018 14:49:12 +0100
Available diffs
- diff from 6.0.3-1 to 6.0.4-1 (471.2 KiB)
otrs2 (6.0.3-1) unstable; urgency=high
* New upstream release.
- This fixes OSA-2017-10, also known as CVE-2017-17476: A session hijacking
vulnerability.
Closes: #884801
* Merge 3.3.18-1+deb8u3, 3.3.18-1+deb8u4, 5.0.16-1+deb9u4 and 5.0.16-1+deb9u5
changelog.
* Bump Standards-Version to 4.1.2 (no changes required).
-- Patrick Matthäi <email address hidden> Wed, 20 Dec 2017 09:25:55 +0100
Available diffs
- diff from 6.0.2-1 to 6.0.3-1 (142.4 KiB)
otrs2 (6.0.2-1) unstable; urgency=high
* New upstream release.
- This release fixes OSA-2017-08, also known as CVE-2017-16854.
- Refresh patch 06-no-installer.
* Merge 5.0.16-1+deb9u4 changelog.
-- Patrick Matthäi <email address hidden> Thu, 07 Dec 2017 14:05:54 +0100
Available diffs
- diff from 6.0.1-1 to 6.0.2-1 (429.7 KiB)
otrs2 (6.0.1-1) unstable; urgency=low
* New upstream release.
- Remove patch 02-dbupdate-as-root.
- Rewrite patch 03-backup.
- Rewrite patch 04-opt.
- Rewrite patch 06-no-installer.
- Rewrite patch 07-otrs-business-check.
- Rewrite patch 09-disable-DashboardProductNotify.
- Rewrite patch 11-do-not-test-file-writes.
- Rewrite patch 12-font-paths.
- Remove now useless empty directories for SQL upgrade scripts.
- Add new dependencies libcrypt-ssleay-perl, libxml-simple-perl,
libxml-libxml-simple-perl and libdatetime-perl.
* Merge 5.0.24-1~bpo9+1 changelog.
* Rename patch 14-font-paths to 12-font-paths.
* Do not use yui-compressor anymore.
* Remove deprecated otrs2.maintscript.
* Remove deprecated MySQL upgrade notice from README.Debian.
* Remove deprecated replaces and breaks from debian/control.
* Adjust fonts-font-awesome paths.
* Adjust debian/copyright.
* Adjust source-contains-prebuilt-javascript-object lintian overrides.
* Remove deprecated database scripts and install new 6.0 ones.
* Add patch 02-deactivate-cron-migrate to disable the automatic cronjob
migration on upgrading from version 5.
* Kill otrs.Daemon processes on purge before trying to delete the user.
* Reorder packaging.
* Add new Config/Backups directory.
-- Patrick Matthäi <email address hidden> Fri, 01 Dec 2017 11:43:12 +0100
Available diffs
- diff from 5.0.24-1 to 6.0.1-1 (21.0 MiB)
otrs2 (5.0.16-1+deb9u3build0.17.04.1) zesty-security; urgency=medium * fake sync from Debian
otrs2 (5.0.24-1) unstable; urgency=high
* New upstream release.
- This fixes OSA-2017-07, also known as CVE-2017-16664: An attacker who is
logged into OTRS as an agent can request special URLs from OTRS which can
lead to the execution of shell commands with the permissions of the web
server user.
Closes: #882370
* Merge 3.3.18-1+deb8u1, 3.3.18-1+deb8u2, 5.0.16-1+deb9u2, 5.0.16-1+deb9u3
and 5.0.23-1~bpo9+1 changelog.
* Use secure URI in debian/watch and for the homepage field.
* Bump Standards-Version to 4.1.1 (no changes required).
-- Patrick Matthäi <email address hidden> Wed, 22 Nov 2017 16:33:29 +0100
Available diffs
- diff from 5.0.23-1 to 5.0.24-1 (158.1 KiB)
otrs2 (5.0.16-1+deb9u2build0.17.04.1) zesty-security; urgency=medium * fake sync from Debian
Available diffs
| Superseded in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
otrs2 (5.0.23-1) unstable; urgency=high
* New upstream release.
- This fixes OSA-2017-04, also known as CVE-2017-14635: An attacker who is
logged into OTRS as an agent with write permissions for statistics can
inject arbitrary code into the system. This can lead to serious problems
like privilege escalation, data loss, and denial of service.
Closes: #876462
- Refresh patch 07-otrs-business-check.
- Refresh patch 09-disable-DashboardProductNotify.
- Refresh patch 11-do-not-test-file-writes.
- Refresh patch 14-font-paths.
* Bump Standards-Version to 4.1.0 (no changes required).
-- Patrick Matthäi <email address hidden> Thu, 28 Sep 2017 10:42:32 +0200
Available diffs
- diff from 5.0.22-1 to 5.0.23-1 (173.8 KiB)
otrs2 (5.0.22-1) unstable; urgency=medium
* New upstream release.
* Merge 5.0.21-1~bpo9+1 changelog.
* Add dependency on libmodule-refresh-perl.
* Bump debian/compat to level 10.
* Override embedded-javascript-library lintian warnings. The libraries are
not replaceable with the Debian versions.
-- Patrick Matthäi <email address hidden> Wed, 02 Aug 2017 09:57:31 +0200
Available diffs
- diff from 5.0.21-1 to 5.0.22-1 (44.2 KiB)
otrs2 (5.0.21-1) unstable; urgency=medium * New upstream release. * Bump Standards-Version to 4.0.0 (no changes required). -- Patrick Matthäi <email address hidden> Tue, 18 Jul 2017 15:35:45 +0200
Available diffs
- diff from 5.0.20-1 to 5.0.21-1 (172.7 KiB)
otrs2 (5.0.20-1) unstable; urgency=high
* New upstream release.
- This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with
agent permission is capable by opening a specific URL in a browser to
gain administrative privileges / full access. Afterward, all system
settings can be read and changed.
Closes: #864319
* Remove obsolete symlink for jquery-ui.
Closes: #864175
* Merge 3.3.9-3+deb8u1 and 5.0.16-1+deb9u1 changelog.
-- Patrick Matthäi <email address hidden> Thu, 08 Jun 2017 10:39:18 +0200
Available diffs
- diff from 5.0.19-1 to 5.0.20-1 (336.5 KiB)
otrs2 (5.0.19-1) unstable; urgency=low * New upstream release. * Uploading to unstable. -- Patrick Matthäi <email address hidden> Tue, 09 May 2017 09:35:01 +0200
Available diffs
- diff from 5.0.17-1 to 5.0.19-1 (508.1 KiB)
otrs2 (5.0.17-1) unstable; urgency=low * New upstream release. * Merge 5.0.16-1~bpo8+1 changelog. -- Patrick Matthäi <email address hidden> Thu, 09 Mar 2017 14:56:10 +0100
Available diffs
- diff from 5.0.16-1 to 5.0.17-1 (761.5 KiB)
| Superseded in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
otrs2 (5.0.16-1) unstable; urgency=low
* New upstream release.
- Refresh patch 09-disable-DashboardProductNotify.
- Refresh patch 14-font-paths.
-- Patrick Matthäi <email address hidden> Tue, 24 Jan 2017 12:31:59 +0100
Available diffs
- diff from 5.0.15-1 to 5.0.16-1 (324.5 KiB)
| 1 → 50 of 141 results | First • Previous • Next • Last |
