Your message dated Thu, 08 Jun 2017 09:04:57 +0000 with message-id <e1ditnb-0003bw...@fasolo.debian.org> and subject line Bug#864319: fixed in otrs2 5.0.20-1 has caused the Debian Bug report #864319, regarding CVE-2017-9324 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 864319: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864319 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: otrs Severity: grave Tags: security Hi, details are sparse on this one, could you get in touch with upstream to isolate this to the change in question? https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/ Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: otrs2 Source-Version: 5.0.20-1 We believe that the bug you reported is fixed in the latest version of otrs2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 864...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Patrick Matthäi <pmatth...@debian.org> (supplier of updated otrs2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 08 Jun 2017 10:39:18 +0200 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 5.0.20-1 Distribution: unstable Urgency: high Maintainer: Patrick Matthäi <pmatth...@debian.org> Changed-By: Patrick Matthäi <pmatth...@debian.org> Description: otrs - Open Ticket Request System (OTRS 5) otrs2 - Open Ticket Request System Closes: 864175 864319 Changes: otrs2 (5.0.20-1) unstable; urgency=high . * New upstream release. - This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with agent permission is capable by opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. Closes: #864319 * Remove obsolete symlink for jquery-ui. Closes: #864175 * Merge 3.3.9-3+deb8u1 and 5.0.16-1+deb9u1 changelog. Checksums-Sha1: b5b8d4318d4a2db5425705a1c80f7aa7be05de74 1796 otrs2_5.0.20-1.dsc 1efa21127c52bd373d561b10b614ea734c7e4299 20638821 otrs2_5.0.20.orig.tar.bz2 9276ed165274dc1e87c2b65b538b84d4ea3e73db 45108 otrs2_5.0.20-1.debian.tar.xz f283cd863715cb853d3e292af2d2670287aeb60e 7395178 otrs2_5.0.20-1_all.deb 2070558974856982941ed9567b311dbbe4198c2e 6590 otrs2_5.0.20-1_amd64.buildinfo 977e595487168963683b28e89d2a492d1076e8d1 218786 otrs_5.0.20-1_all.deb Checksums-Sha256: 689df26f6fd53243df680d581bebc688bb6fbabb318f1520702a502162f11073 1796 otrs2_5.0.20-1.dsc 1dfebd86dc55c7e125593e0bb5307a74217f15e23469fead66e2a4f6e00e27e5 20638821 otrs2_5.0.20.orig.tar.bz2 13a7d5aa0ad90a81fdd50299d085ade3c86ffd4250dc9daa2704a5eb5892851e 45108 otrs2_5.0.20-1.debian.tar.xz 1d2f2bf8dfe2acba58700c3ba8800a4dcab7f907ffe30da406d50281a75b8039 7395178 otrs2_5.0.20-1_all.deb 60dcdced4e73e5c8e214dbb9c232814ac8a28463d635aa48bfe551cdca2c8a02 6590 otrs2_5.0.20-1_amd64.buildinfo db0b7b3537648ef198a12402ed37eed51f81fef4dcd4533d3354a24f46a70211 218786 otrs_5.0.20-1_all.deb Files: 21395469b6756c46e8c9e2d2f3a51884 1796 non-free/web optional otrs2_5.0.20-1.dsc 8d576fb9bf5ae6a779acf360f932bf08 20638821 non-free/web optional otrs2_5.0.20.orig.tar.bz2 e5c00fdea60a29a688aee207f6c2f4bb 45108 non-free/web optional otrs2_5.0.20-1.debian.tar.xz 1d140e5ef9a182a7570355dc839195e8 7395178 non-free/web optional otrs2_5.0.20-1_all.deb 841966c6680c5b6ab7eb5e641bacb8be 6590 non-free/web optional otrs2_5.0.20-1_amd64.buildinfo a764b9713e79d7543874a2ed17648fde 218786 non-free/web optional otrs_5.0.20-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJZOQ4sAAoJEBLZsEqQy9jkWC4QAKS11I8dzM9LpkbXCB2hx+a3 d5r1x9UtPBKCURtWNHmOkOHOu9lLfMsW2fIu4yBJ1PBHfKTnt8AKqZeafEQ698kD RXqNLNLnu599kBaPqd5zyGhMG82PWXMCatCw4vDB1+i8y5YKQ28t9iE8fu4WRTO3 ApR9x44SqbQbZLwFdD7CjJM+sGkJ1LU0d3iTDwsGhTTqECZZeLPof10lCsNuQV+Y UPO4EYfJu/cY02u+PilE8O9VXwnuhCziVm47WHouh4C50E4kaGqrIRcBKTz0aofO VziXD19wsxbtwAh0WEmINBhHOYtBySwjHrWfZUzU7BLhFHe/X2WPg5nnkTNXEj0p Gz0jfta+L/H8PQHYNNdP7xhH0eRp6Rlll/T7/XtuoGKXzhHIU9+7wnemAuy91Wpv zcLTpxZ/GTfuWmxwaDnZxNTGsaVNNUGmVdzNyDZ5rCGmxLzFilJ+GiwEJisLXy73 e72DQoojQXSeyB2J7+8wOSW5A9XhfLcsXq0xY+3yeNXsE8Fya+sCwm7gk8eDnCU4 RkbH9d3HNDTo4CcPHwxYFJBB1rojF3ra973s7B9PtW1Yki5fEE+savwKL1Y31adF NH3Wef3G8fxiu/WpD+E34vhg9QpMEsJhDRuhTkcWBTJincwc1KGUWv8UkASvM9bX gIz2Z+tkdBMM+i95a44R =m1Yl -----END PGP SIGNATURE-----
--- End Message ---
