-
otrs2 (6.0.20-1) unstable; urgency=medium
  * New upstream release.
  * Bump Standards-Version to 4.4.0.
 -- Patrick Matthäi <email address hidden>  Fri, 12 Jul 2019 10:13:22 +0200
-
otrs2 (6.0.19-1) unstable; urgency=medium
  * New upstream release.
    - Fixes OSA-2019-08, also known as CVE-2019-12248: An attacker could send a
      malicious email to an OTRS system. If a logged in agent user quotes it,
      the email could cause the browser to load external image resources.
    - Fixes OSA-2019-09, also known as CVE-2019-12497: In the customer or
      external frontend, personal information of agents can be disclosed like
      name and mail address in external notes.
  * Merge 6.0.16-2 changelog.
 -- Patrick Matthäi <email address hidden>  Thu, 06 Jun 2019 10:45:46 +0200
-
otrs2 (6.0.18-1) unstable; urgency=high
  * New upstream release.
    - Fixes OSA-2019-06, also known as CVE-2019-10066: An attacker who is logged
      into OTRS as an agent with appropriate permissions may create a carefully
      crafted calendar appointment in order to cause execution of JavaScript in
      the context of OTRS.
    - Fixes OSA-2019-05, also known as CVE-2019-10067: An attacker who is logged
      into OTRS as an agent user with appropriate permissions may manipulate the
      URL to cause execution of JavaScript in the context of OTRS.
    - Fixes OSA-2019-04, also known as CVE-2019-9892: An attacker who is logged
      into OTRS as an agent user with appropriate permissions may try to import
      carefully crafted Report Statistics XML that will result in reading of
      arbitrary files of OTRS filesystem.
 -- Patrick Matthäi <email address hidden>  Fri, 26 Apr 2019 11:00:38 +0200
-
otrs2 (6.0.17-1) unstable; urgency=medium
  * New upstream release.
    - Fixes OSA-2019-03: An attacker who is logged into OTRS as an admin user
      may manipulate the URL to cause execution of JavaScript in the context
      of OTRS.
 -- Patrick Matthäi <email address hidden>  Fri, 08 Mar 2019 14:49:17 +0100
-
otrs2 (6.0.16-1) unstable; urgency=high
  * New upstream release.
    - This release fixes OSA-2019-01: An attacker who is logged into OTRS as an
      agent or a customer user may upload a carefully crafted resource in order
      to cause execution of JavaScript in the context of OTRS.
  * Bump debian/compat to level 12.
 -- Patrick Matthäi <email address hidden>  Fri, 18 Jan 2019 13:16:27 +0100