Bug#340352: marked as done (otrs: Multiple SQL injection and Cross-Site-Scripting vulnerabilities)

Debian Bug Tracking System Tue, 22 Nov 2005 15:03:28 -0800

Your message dated Tue, 22 Nov 2005 23:45:41 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#340352: otrs: Multiple SQL injection and 
Cross-Site-Scripting vulnerabilities
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 22 Nov 2005 22:23:18 +0000
>From [EMAIL PROTECTED] Tue Nov 22 14:23:18 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org ([193.22.164.111] 
helo=vserver151.vserver151.serverflex.de)
        by spohr.debian.org with esmtp (Exim 4.50)
        id 1EegXm-00034F-0G
        for [EMAIL PROTECTED]; Tue, 22 Nov 2005 14:23:18 -0800
Received: from dslb-082-083-212-250.pools.arcor-ip.net ([82.83.212.250] 
helo=localhost.localdomain)
        by vserver151.vserver151.serverflex.de with esmtpsa 
(TLS-1.0:RSA_AES_256_CBC_SHA:32)
        (Exim 4.50)
        id 1EegXk-0000eZ-Si
        for [EMAIL PROTECTED]; Tue, 22 Nov 2005 23:23:17 +0100
Received: from jmm by localhost.localdomain with local (Exim 4.54)
        id 1EegXb-0001h9-U8; Tue, 22 Nov 2005 23:23:07 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: otrs: Multiple SQL injection and Cross-Site-Scripting vulnerabilities
X-Mailer: reportbug 3.17
Date: Tue, 22 Nov 2005 23:23:07 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 82.83.212.250
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond 
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-10.5 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        RCVD_IN_SORBS,X_DEBBUGS_CC autolearn=ham 
        version=2.60-bugs.debian.org_2005_01_02

Package: otrs
Severity: grave
Tags: security
Justification: user security hole

OTRS is vulnerable to several SQL injection and Cross-Site-Scripting
vulnerabilities. Please see here for more information:
http://otrs.org/advisory/OSA-2005-01-en/
http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt

The new upstream version 1.3.3 fixes all these problems.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------
Received: (at 340352-close) by bugs.debian.org; 22 Nov 2005 22:47:34 +0000
>From [EMAIL PROTECTED] Tue Nov 22 14:47:34 2005
Return-path: <[EMAIL PROTECTED]>
Received: from moutng.kundenserver.de ([212.227.126.186])
        by spohr.debian.org with esmtp (Exim 4.50)
        id 1EegvG-0004XN-AE
        for [EMAIL PROTECTED]; Tue, 22 Nov 2005 14:47:34 -0800
Received: from [87.123.40.188] (helo=[192.168.42.100])
        by mrelayeu.kundenserver.de (node=mrelayeu0) with ESMTP (Nemesis),
        id 0MKwh2-1EegvF0tCw-0005Ua; Tue, 22 Nov 2005 23:47:33 +0100
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 22 Nov 2005 23:45:41 +0100
From: Torsten Werner <[EMAIL PROTECTED]>
Organization: private
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20051002)
X-Accept-Language: de-DE, de, en-us, en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Re: Bug#340352: otrs: Multiple SQL injection and Cross-Site-Scripting
 vulnerabilities
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Provags-ID: kundenserver.de [EMAIL PROTECTED] 
login:c71377c073bc7a3d65be7fb93cee7d50
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: otrs
Source-Version: 2.0.4p01-1

Moritz Muehlenhoff schrieb:
> OTRS is vulnerable to several SQL injection and Cross-Site-Scripting
> vulnerabilities. Please see here for more information:
> http://otrs.org/advisory/OSA-2005-01-en/
> http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
> 
> The new upstream version 1.3.3 fixes all these problems.


It is fixed in unstable's version.


Torsten


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#340352: marked as done (otrs: Multiple SQL injection and Cross-Site-Scripting vulnerabilities)

Reply via email to