-
otrs2 (6.0.5-1) unstable; urgency=medium
* New upstream release.
- Rewrite patch 03-backup.
-- Patrick Matthäi <email address hidden> Thu, 15 Feb 2018 10:36:17 +0100
-
otrs2 (6.0.4-1) unstable; urgency=medium
* New upstream release.
* Add dependency on libclass-accessor-lite-perl.
Closes: #887518
* Bump Standards-Version to 4.1.3 (no changes required).
* Bump debian/compat to level 11.
* Temporary install Sisimai Perl module to work around #887514 until this
module is packaged.
* Adjust otrs2.docs installation.
* Adjust lintian overrides.
-- Patrick Matthäi <email address hidden> Wed, 24 Jan 2018 14:49:12 +0100
-
otrs2 (6.0.3-1) unstable; urgency=high
* New upstream release.
- This fixes OSA-2017-10, also known as CVE-2017-17476: A session hijacking
vulnerability.
Closes: #884801
* Merge 3.3.18-1+deb8u3, 3.3.18-1+deb8u4, 5.0.16-1+deb9u4 and 5.0.16-1+deb9u5
changelog.
* Bump Standards-Version to 4.1.2 (no changes required).
-- Patrick Matthäi <email address hidden> Wed, 20 Dec 2017 09:25:55 +0100
-
otrs2 (6.0.2-1) unstable; urgency=high
* New upstream release.
- This release fixes OSA-2017-08, also known as CVE-2017-16854.
- Refresh patch 06-no-installer.
* Merge 5.0.16-1+deb9u4 changelog.
-- Patrick Matthäi <email address hidden> Thu, 07 Dec 2017 14:05:54 +0100
-
otrs2 (6.0.1-1) unstable; urgency=low
* New upstream release.
- Remove patch 02-dbupdate-as-root.
- Rewrite patch 03-backup.
- Rewrite patch 04-opt.
- Rewrite patch 06-no-installer.
- Rewrite patch 07-otrs-business-check.
- Rewrite patch 09-disable-DashboardProductNotify.
- Rewrite patch 11-do-not-test-file-writes.
- Rewrite patch 12-font-paths.
- Remove now useless empty directories for SQL upgrade scripts.
- Add new dependencies libcrypt-ssleay-perl, libxml-simple-perl,
libxml-libxml-simple-perl and libdatetime-perl.
* Merge 5.0.24-1~bpo9+1 changelog.
* Rename patch 14-font-paths to 12-font-paths.
* Do not use yui-compressor anymore.
* Remove deprecated otrs2.maintscript.
* Remove deprecated MySQL upgrade notice from README.Debian.
* Remove deprecated replaces and breaks from debian/control.
* Adjust fonts-font-awesome paths.
* Adjust debian/copyright.
* Adjust source-contains-prebuilt-javascript-object lintian overrides.
* Remove deprecated database scripts and install new 6.0 ones.
* Add patch 02-deactivate-cron-migrate to disable the automatic cronjob
migration on upgrading from version 5.
* Kill otrs.Daemon processes on purge before trying to delete the user.
* Reorder packaging.
* Add new Config/Backups directory.
-- Patrick Matthäi <email address hidden> Fri, 01 Dec 2017 11:43:12 +0100
-
otrs2 (5.0.24-1) unstable; urgency=high
* New upstream release.
- This fixes OSA-2017-07, also known as CVE-2017-16664: An attacker who is
logged into OTRS as an agent can request special URLs from OTRS which can
lead to the execution of shell commands with the permissions of the web
server user.
Closes: #882370
* Merge 3.3.18-1+deb8u1, 3.3.18-1+deb8u2, 5.0.16-1+deb9u2, 5.0.16-1+deb9u3
and 5.0.23-1~bpo9+1 changelog.
* Use secure URI in debian/watch and for the homepage field.
* Bump Standards-Version to 4.1.1 (no changes required).
-- Patrick Matthäi <email address hidden> Wed, 22 Nov 2017 16:33:29 +0100
-
otrs2 (5.0.23-1) unstable; urgency=high
* New upstream release.
- This fixes OSA-2017-04, also known as CVE-2017-14635: An attacker who is
logged into OTRS as an agent with write permissions for statistics can
inject arbitrary code into the system. This can lead to serious problems
like privilege escalation, data loss, and denial of service.
Closes: #876462
- Refresh patch 07-otrs-business-check.
- Refresh patch 09-disable-DashboardProductNotify.
- Refresh patch 11-do-not-test-file-writes.
- Refresh patch 14-font-paths.
* Bump Standards-Version to 4.1.0 (no changes required).
-- Patrick Matthäi <email address hidden> Thu, 28 Sep 2017 10:42:32 +0200
