Hi Martin,
thank you for information.
Cheers
Chris
Am 28.03.2011 10:52, schrieb Martin Gruner:
Hi Christian,
there was an advisory for another security issue which was fixed in OTRS
2.3.5, but also 2.1.9 and 2.2.9:
http://otrs.org/advisory/OSA-2010-01-en/
Unfortunately, this advisory does not cover the issue described in the
CVE you referenced. However, this issue is related to
scripts/webform.pl, an example file which is not used by default in
OTRS, and therefore not directly vulnerable from outside. For this file,
the issue was also fixed in 2.3.5. As this is just plain perl example
code and not related to the rest of the OTRS code, you can just exchange
this file from a newer version of OTRS, like this version:
http://source.otrs.org/viewvc.cgi/otrs/scripts/webform.pl?view=co&pathrev=rel-3_0
<http://source.otrs.org/viewvc.cgi/otrs/scripts/webform.pl?view=co&pathrev=rel-3_0>
With best regards,
mg
Am 25.03.11 16:16, schrieb Christian:
Hi,
about this issue:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0456
will there be a patch for the OTRS: 2.2 branch ?
Thanks for info
Cheers
--
Christian
---------------------------------------------------
Der ultimative shop für Sportbekleidung und Zubehör
http://www.sc24.de
---------------------------------------------------
_______________________________________________
OTRS mailing list: dev - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/dev
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev
