On Fri, 22 Sep 2017 16:31:00 +0200 Salvatore Bonaccorso <car...@debian.org> wrote: [...] > Unfortunately the patches are not referenced, so must be researched in > the repository.
I had a look at this issue. I have found https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85 which was introduced in version 5.0.23 that fixed the vulnerability. It is the only commit that mentions the keywords agent and statistics but I'm not sure if the commit is sufficient. I suggest to contact upstream about this and ask for a clarification. Regards, Markus
signature.asc
Description: OpenPGP digital signature
