Hi, On Thu, Aug 05, 2021 at 11:49:41AM +0200, Moritz Mühlenhoff wrote: > Am Thu, Aug 05, 2021 at 09:19:14AM +0000 schrieb Debian FTP Masters: > > Source: otrs2 > > Source-Version: 6.0.32-6 > > Done: Patrick Matthäi <pmatth...@debian.org> > > > > We believe that the bug you reported is fixed in the latest version of > > otrs2, which is due to be installed in the Debian FTP archive. > > > > A summary of the changes between this version and the previous one is > > attached. > > > > Thank you for reporting the bug, which will now be closed. If you > > have further comments please address them to 991...@bugs.debian.org, > > and the maintainer will reopen the bug report if appropriate. > > > > Debian distribution maintenance software > > pp. > > Patrick Matthäi <pmatth...@debian.org> (supplier of updated otrs2 package) > > > > (This message was generated automatically at their request; if you > > believe that there is a problem with it please contact the archive > > administrators by mailing ftpmas...@ftp-master.debian.org) > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA256 > > > > Format: 1.8 > > Date: Thu, 05 Aug 2021 10:37:30 +0200 > > Source: otrs2 > > Architecture: source > > Version: 6.0.32-6 > > Distribution: unstable > > Urgency: high > > Maintainer: Patrick Matthäi <pmatth...@debian.org> > > Changed-By: Patrick Matthäi <pmatth...@debian.org> > > Closes: 991593 > > Changes: > > otrs2 (6.0.32-6) unstable; urgency=high > > . > > * Add upstream patches to fix CVE-2021-36091, CVE-2021-21440 and > > CVE-2021-21443. > > Closes: #991593 > > Hi Patrick, > what about CVE-2021-36092, does that need to be split off to a separate > bug or is znuny as packaged in Debian not affected?
Probably sensible to split up the bug. Comments from upstream on it: https://github.com/znuny/Znuny/issues/105#issuecomment-894013730 Regards, Salvatore
