Ubuntu
otrs2 package

otrs2 6.0.18-1 source package in Ubuntu

Changelog

otrs2 (6.0.18-1) unstable; urgency=high

  * New upstream release.
    - Fixes OSA-2019-06, also known as CVE-2019-10066: An attacker who is logged
      into OTRS as an agent with appropriate permissions may create a carefully
      crafted calendar appointment in order to cause execution of JavaScript in
      the context of OTRS.
    - Fixes OSA-2019-05, also known as CVE-2019-10067: An attacker who is logged
      into OTRS as an agent user with appropriate permissions may manipulate the
      URL to cause execution of JavaScript in the context of OTRS.
    - Fixes OSA-2019-04, also known as CVE-2019-9892: An attacker who is logged
      into OTRS as an agent user with appropriate permissions may try to import
      carefully crafted Report Statistics XML that will result in reading of
      arbitrary files of OTRS filesystem.

 -- Patrick Matthäi <email address hidden>  Fri, 26 Apr 2019 11:00:38 +0200

Upload details

Uploaded by:
Patrick Matthäi
Uploaded to:
Sid
Original maintainer:
Patrick Matthäi
Architectures:
all
Section:
misc
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Eoan: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
otrs2_6.0.18-1.dsc 1.8 KiB 8b93217debd6f1727a7a0744fe3a7e819e5ca9f8501e01a37b2e6b88c1f34e86
otrs2_6.0.18.orig.tar.bz2 23.9 MiB 278b791fdbcc25dcf2bf8de3f81a5b8b72ba16f08eb5a28b69a24604ad999f6b
otrs2_6.0.18-1.debian.tar.xz 29.1 KiB 156bd880d84c795999c45b6f94475c944985b9ae1ceff39b762fa6012412ad52

Available diffs

No changes file available.

Binary packages built by this source

otrs: No summary available for otrs in ubuntu eoan.

No description available for otrs in ubuntu eoan.

otrs2: No summary available for otrs2 in ubuntu eoan.

No description available for otrs2 in ubuntu eoan.