Hello community,

here is the log from the commit of package otrs for openSUSE:Factory checked in at 2017-12-08 13:02:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/otrs (Old)
 and      /work/SRC/openSUSE:Factory/.otrs.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "otrs" Fri Dec 8 13:02:18 2017 rev:56 rq:555150 version:4.0.27 Changes: -------- --- /work/SRC/openSUSE:Factory/otrs/otrs.changes 2017-11-23 09:44:38.468017092 +0100 +++ /work/SRC/openSUSE:Factory/.otrs.new/otrs.changes 2017-12-08 13:03:19.736811596 +0100 @@ -1,0 +2,16 @@ +Fri Dec 8 01:20:25 UTC 2017 - [email protected] + +- fix for boo#1071797 (CVE-2017-16921, OSA-2017-09) + * Remote code execution: + An attacker who is logged into OTRS as an agent can manipulate + form parameters and execute arbitrary shell commands with the + permissions of the OTRS or web server user. +- fix for boo#1071799 (CVE-2017-16854, OSA-2017-08) + * Information Disclosure: + An attacker who is logged into OTRS as a customer can use the + ticket search form to disclose internal article information + of their customer tickets. +- Update to 4.0.27 + * https://github.com/OTRS/otrs/blob/rel-4_0_27/CHANGES.md + +------------------------------------------------------------------- Old: ---- itsm-4.0.26.tar.bz2 otrs-4.0.26.tar.bz2 New: ---- itsm-4.0.27.tar.bz2 otrs-4.0.27.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ otrs.spec ++++++ --- /var/tmp/diff_new_pack.SlpYss/_old 2017-12-08 13:03:24.260648216 +0100 +++ /var/tmp/diff_new_pack.SlpYss/_new 2017-12-08 13:03:24.260648216 +0100 
@@ -18,8 +18,8 @@ Name: otrs -%define otrs_ver 4.0.26 -%define itsm_ver 4.0.26 +%define otrs_ver 4.0.27 +%define itsm_ver 4.0.27 %define itsm_min 4 %define otrs_root /srv/%{name} %define otrsdoc_dir_files AUTHORS* CHANGES* COPYING* CREDITS README* UPGRADING.SUSE doc ++++++ itsm-4.0.26.tar.bz2 -> itsm-4.0.27.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/otrs/itsm-4.0.26.tar.bz2 /work/SRC/openSUSE:Factory/.otrs.new/itsm-4.0.27.tar.bz2 differ: char 11, line 1 ++++++ otrs-4.0.26.tar.bz2 -> otrs-4.0.27.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/otrs/otrs-4.0.26.tar.bz2 /work/SRC/openSUSE:Factory/.otrs.new/otrs-4.0.27.tar.bz2 differ: char 11, line 1
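Review bot: in the otrs.changes hunk, the two security bullets ("fix for boo#1071797 ..." and "fix for boo#1071799 ...") sit above "- Update to 4.0.27" as if they were separate changes, yet the rest of the diff adds no patch files and only swaps the tarballs, so both fixes evidently arrive with the version update. Consider leading with "- Update to 4.0.27" and nesting the CVE-2017-16921 and CVE-2017-16854 items under it, so anyone auditing the package can see that the remediation is the upstream release itself and not a backport. The entry also links only the OTRS CHANGES.md; the itsm tarball moves to 4.0.27 in the same commit and is not mentioned.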
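Review bot: in the otrs.spec hunk, "%define itsm_ver 4.0.27" is bumped in lockstep with "%define otrs_ver 4.0.27", but the replaced sources show up only as "differ: char 11, line 1", so nothing in this commit lets a reviewer confirm that otrs-4.0.27.tar.bz2 and itsm-4.0.27.tar.bz2 match what upstream published. Since this is a security update for a remote code execution issue, please verify both tarballs against upstream's release artifacts before accepting, and note in the request how that was done.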
