Changelog
otrs2 (6.0.32-5) unstable; urgency=high
* Add upstream patch 14-ZSA-2021-03: There is a denial of service issue, when
a mail with a special crafted url is received. This can lead to a maxout of
the available server-CPU(s) and can reduce the quality of service or even
bring the system to a halt. This addresses CVE-2021-21439.
Closes: #989992
* Add upstream patch 15-ZSA-2021-06: There is a XSS vulnerability in the
ticket overviews, which can used to extract all kind of information just
by having a e-mail shown in an overview. An attacker can send a prepared
e-mail to the system to trigger the attack. This addresses CVE-2021-21441.
Closes: #989992
-- Patrick Matthäi <email address hidden> Fri, 18 Jun 2021 15:10:23 +0200