Package        : otrs2
Version        : 3.1.7+dfsg1-8+deb7u6
CVE ID         : CVE-2016-9139
Debian Bug     : 843091

A cross-site scripting vulnerability (XSS) was discovered in OTRS, a ticket requesting system for the web. An attacker could trick an authenticated user into opening a malicious attachment which could lead to the execution of JavaScript in OTRS context. This update addresses the vulnerability by setting a strict default HTTP content security policy that forbids loading of third-party files.

For Debian 7 "Wheezy", these problems have been fixed in version 3.1.7+dfsg1-8+deb7u6.

We recommend that you upgrade your otrs2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

-- 
Jonas Meurer
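An added example, not part of the advisory or of OTRS: one way to check, after upgrading, that a Content-Security-Policy header value limits loads to the site's own origin as the fix describes. The function names and the sample policies are constructed for illustration; they are not the policy shipped in the package.

```python
# Added example: list the sources in a Content-Security-Policy value that
# would still let files load from a third party. Constructed sample data.

# data: and blob: carry content inline rather than fetching it from another origin.
NON_NETWORK = {"data:", "blob:"}


def parse_csp(value):
    """Return {directive: [sources]} for one header value."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Per the CSP spec a repeated directive is ignored: the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def is_external(source):
    """True for hosts, network schemes and '*'; False for quoted keywords."""
    s = source.lower()
    if s.startswith("'") and s.endswith("'"):
        return False  # 'self', 'none', 'unsafe-inline', nonces, hashes
    return s not in NON_NETWORK


def third_party_sources(value):
    """Return {directive: [offending sources]}; an empty dict means none found."""
    policy = parse_csp(value)
    findings = {}
    if "default-src" not in policy:
        # Without default-src, fetch directives that are not listed are unrestricted.
        findings["default-src"] = ["(missing)"]
    for name, sources in policy.items():
        if name.endswith("-src") or "-src-" in name:
            external = [s for s in sources if is_external(s)]
            if external:
                findings[name] = external
    return findings


# Constructed sample policies (assumptions, not taken from OTRS).
SAMPLES = {
    "strict": "default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'",
    "loose": "default-src 'self'; script-src 'self' https://cdn.example.net; img-src *",
    "no-default": "script-src 'self'",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(label, third_party_sources(header) or "no third-party sources")
```

The check covers only where files may be loaded from; a quoted keyword such as 'unsafe-inline' passes it and has to be reviewed separately.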
