Your message dated Mon, 12 Jun 2017 18:02:08 +0000 with message-id <e1dktfe-000aut...@fasolo.debian.org> and subject line Bug#864319: fixed in otrs2 3.3.9-3+deb8u1 has caused the Debian Bug report #864319, regarding CVE-2017-9324 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 864319: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864319 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: otrs Severity: grave Tags: security Hi, details are sparse on this one, could you get in touch with upstream to isolate this to the change in question? https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/ Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: otrs2 Source-Version: 3.3.9-3+deb8u1 We believe that the bug you reported is fixed in the latest version of otrs2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 864...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Patrick Matthäi <pmatth...@debian.org> (supplier of updated otrs2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 07 Jun 2017 11:17:23 +0200 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 3.3.9-3+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Patrick Matthäi <pmatth...@debian.org> Changed-By: Patrick Matthäi <pmatth...@debian.org> Description: otrs - Open Ticket Request System (OTRS 3) otrs2 - Open Ticket Request System Closes: 864319 Changes: otrs2 (3.3.9-3+deb8u1) jessie-security; urgency=high . * Add patch 17-CVE-2017-9324: This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with agent permission is capable by opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. Closes: #864319 Checksums-Sha1: 9d73ea0fcd46c5b1059d3f99a4db6a1c71e765ec 1799 otrs2_3.3.9-3+deb8u1.dsc f699a67446def027f044bb55425eaab8f124ed2a 20457443 otrs2_3.3.9.orig.tar.bz2 03aaf53adabcd728a7b2a283a803ac4384670ced 45292 otrs2_3.3.9-3+deb8u1.debian.tar.xz 666ab7678f685d09b8f119dbcbd1ecc3867d35ce 5666094 otrs2_3.3.9-3+deb8u1_all.deb 9c6ca6b8da1b4659451f6c9d0dd8ff5e8e93e2c4 184044 otrs_3.3.9-3+deb8u1_all.deb Checksums-Sha256: 3a2a5d2ed5e5a3eb8e668f09741039a1c7dfe2d86f18ce7d672ed00a2f931f5a 1799 otrs2_3.3.9-3+deb8u1.dsc feb22e5a760b17d8d856c9adb348d453996454eee8c5bfa66a54202e90ce3803 20457443 otrs2_3.3.9.orig.tar.bz2 2c12b687221ecaa9fa61da4f39d298696a9e57d14253614b42e440417e459cef 45292 otrs2_3.3.9-3+deb8u1.debian.tar.xz 0f14b1205db0c4e3575a55e0a1c62ed5b46c049a14f4c418f0671c912d366fe0 5666094 otrs2_3.3.9-3+deb8u1_all.deb c02bb85a0c1a8acaf0ff025935e2b1b7dead61726c140371de1fde1c5bed960b 184044 otrs_3.3.9-3+deb8u1_all.deb Files: ec0135c212a0d13284721a7a1b291c16 1799 web optional otrs2_3.3.9-3+deb8u1.dsc 93f3139e573dce3d592719f3d1562ea7 20457443 web optional otrs2_3.3.9.orig.tar.bz2 24ecc2ee96dfce9e9df132fbacbfc0a0 45292 web optional otrs2_3.3.9-3+deb8u1.debian.tar.xz 13d608451e83901d3ff6eb28dee2e0b9 5666094 web optional otrs2_3.3.9-3+deb8u1_all.deb e256cd2766acbe304865b00718a9921e 184044 web optional otrs_3.3.9-3+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJZOSrrAAoJEBLZsEqQy9jkLEYQAKfpL+43JHRaWOHHByp2bPsI vcmXN192EtNeS7OMUrgHQwdMf++7F6PyUw+Y22chO7x2TUN2PMY9/YN8oYdCuHz2 rPHwsr9KegSLtZeZQOHX48fh470MV44vI2VDawVXpIjzx9l+xJuh5hApRzxjn8kh 3DxRvYidvSEAdE9ab1vR/HHmrii2uBdMldX8Zxi8yJ+Y/h2UQw+A3HNcdmunW5Ob Sadxq226gUHBkHA0NAeVmY3PCw+KWTZnU3GugFDJCcoUoHxSkW0AQ6Cl/uYnFC8p E1rluLAMOFNAL6WDbZLudQvo3wolk/3We44DBkFQ4uTsLHKea8Oygf/BofxbWJ3W jJYavbV6BEHXg/UVaGvXLzuzmguNTxtTQrQy8IGhv31DpBWQJdvfmAwp/lECECiX YOxbF4TVc9bgIIoufZ/cDLWZM6DxKsw+xVZjcwWP5MBLwVBGsFZTV7iYQfJpjmOI VOiJNG/6oiaSCWTBotCKzZ9mcle0SP3F0mIPbPF39ZJTMEVDPpbDHtxoFNAwUnU2 2U4eyKU6wsn8tJP6fFbMwp1m5loXTIac9eSteLeGbunSrYEfLqPVBWa/oI3U1+5k fUd5HdclY16ZFE2POUAMDtBUM9nYNy8tYqJH+/1uCLrrLgO7MFeU8GoihhqxEM6Z /tJYWhhDIV+FzXKCi+sB =UI1z -----END PGP SIGNATURE-----
--- End Message ---
