2013/6/19, Florian Weimer <[email protected]>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-2712-1 [email protected] > http://www.debian.org/security/ Florian Weimer > June 19, 2013 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : otrs2 > Vulnerability : privilege escalation > Problem type : remote > Debian-specific: no > CVE ID : CVE-2013-4088 > > It was discovered that users with a valid agent login could use > crafted URLs to bypass access control restrictions and read tickets to > which they should not have access. > > The oldstable distribution (squeeze) is not affected by this problem. > > For the stable distribution (wheezy), this problem has been fixed in > version 3.1.7+dfsg1-8+deb7u2. > > For the unstable distribution (sid), this problem has been fixed in > version 3.2.8-1. > > We recommend that you upgrade your otrs2 packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: http://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (GNU/Linux) > > iQEcBAEBAgAGBQJRwieBAAoJEL97/wQC1SS+ts0H/0+CgTo3bJpYYjSWmeKj4qbx > m+1nz9qZHfgMGvelcO+dvffji8Y3eYyZDCFOK7zniv7wYQqBV1Hy6V+c2c1twLvU > /VLilRSTv/ktVVQFtCwxhy3meUWw+Ek+OpYutVP1G2ebuWiFbxhppTFlxLBPLfdo > 54dPpF0wNhV+MuHfa/XSj3bUKwqq2rFw0rB+Ce45pNwIQ5RfftoCR2l0+rcUsAv1 > pAJgOVoxEZo+QdIrCPTTtvNervS2vdpzqgwzd3pxt+pwT1eV5ZMtDkes2cCNw5wv > 8Chn4XnxX3ymN4rjBrzfTukCeAz3tNgDoDwpNC+MjUEZzJWy0nyT7WF4In51pUc= > =7Wpc > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact > [email protected] > Archive: http://lists.debian.org/[email protected] > >
-- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAOuvHztW-L-Mk-=ye=-x5igsevxecmmao0fxvuc+y4gmbpg...@mail.gmail.com
