Source: otrs2 Version: 6.0.30-2 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for otrs2. CVE-2021-21435[0]: | Article Bcc fields and agent personal information are shown when | customer prints the ticket (PDF) via external interface. This issue | affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x | version 8.0.10 and prior versions. According to [1] it affects as well the 6.0.x versions but there is no mention of a fix in the 6.0.x series yet. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-21435 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21435 [1] https://otrs.com/release-notes/otrs-security-advisory-2021-02/ Please adjust the affected versions in the BTS as needed. Regards, Salvatore
