Your message dated Sun, 11 Jun 2017 19:48:42 +0000
with message-id <[email protected]>
and subject line Bug#864319: fixed in otrs2 5.0.16-1+deb9u1
has caused the Debian Bug report #864319,
regarding CVE-2017-9324
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
864319: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864319
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: otrs
Severity: grave
Tags: security
Hi,
details are sparse on this one, could you get in touch with upstream to
isolate this to the change in question?
https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: otrs2
Source-Version: 5.0.16-1+deb9u1
We believe that the bug you reported is fixed in the latest version of
otrs2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Patrick Matthäi <[email protected]> (supplier of updated otrs2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 08 Jun 2017 10:29:28 +0200
Source: otrs2
Binary: otrs2 otrs
Architecture: source all
Version: 5.0.16-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Patrick Matthäi <[email protected]>
Changed-By: Patrick Matthäi <[email protected]>
Description:
 otrs - Open Ticket Request System (OTRS 5)
 otrs2 - Open Ticket Request System
Closes: 864319
Changes:
 otrs2 (5.0.16-1+deb9u1) stretch-security; urgency=high
 .
   * Add patch 15-CVE-2017-9324:
     This fixes OSA-2017-03, also known as CVE-2017-9324: An attacker with
     agent permission is capable by opening a specific URL in a browser to
     gain administrative privileges / full access. Afterward, all system
     settings can be read and changed.
     Closes: #864319
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---