Hello community,

here is the log from the commit of package otrs for openSUSE:Factory checked in at 2019-12-29 15:49:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/otrs (Old)
 and /work/SRC/openSUSE:Factory/.otrs.new.6675 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "otrs" Sun Dec 29 15:49:43 2019 rev:67 rq:759812 version:6.0.24 Changes: -------- --- /work/SRC/openSUSE:Factory/otrs/otrs.changes 2019-09-05 12:43:38.523463747 +0200 +++ /work/SRC/openSUSE:Factory/.otrs.new.6675/otrs.changes 2019-12-29 15:50:01.275185094 +0100 @@ -1,0 +2,32 @@ +Sat Dec 28 18:16:25 UTC 2019 - ch...@computersalat.de + +- Update 6.0.24 + https://community.otrs.com/otrs-community-edition-6-patch-level-24/ +- fix for boo#1157001 + * (CVE-2019-18180, OSA-2019-15) + Denial of service + OTRS can be put into an endless loop by providing filenames with + overly long extensions. This applies to the PostMaster + (sending in email) and also upload + (attaching files to mails, for example). + * (CVE-2019-18179, OSA-2019-14) + Information Disclosure + An attacker who is logged into OTRS as an agent is able to list + tickets assigned to other agents, which are in the queue where + attacker doesn’t have permissions. + +------------------------------------------------------------------- +Sun Nov 10 13:42:13 UTC 2019 - ch...@computersalat.de + +- Update to 6.0.23 + https://community.otrs.com/otrs-community-edition-6-patch-level-23/ +- fix for boo#1156431 + * (CVE-2019-16375, OSA-2019-13) + Stored XXS + An attacker who is logged into OTRS as an agent or customer user + with appropriate permissions can create a carefully crafted + string containing malicious JavaScript code as an article body. + This malicious code is executed when an agent compose an answer + to the original article. + +------------------------------------------------------------------- 
@@ -5 +37 @@ - https://community.otrs.com/release-notes-otrs-6-patch-level-22/ + https://community.otrs.com/otrs-community-edition-6-patch-level-22/ Old: ---- itsm-6.0.22.tar.bz2 otrs-6.0.22.tar.bz2 New: ---- itsm-6.0.24.tar.bz2 otrs-6.0.24.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ otrs.spec ++++++ --- /var/tmp/diff_new_pack.Zym75V/_old 2019-12-29 15:50:04.207186431 +0100 +++ /var/tmp/diff_new_pack.Zym75V/_new 2019-12-29 15:50:04.207186431 +0100 @@ -1,7 +1,7 @@ # # spec file for package otrs # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,8 +23,8 @@ Name: otrs -%define otrs_ver 6.0.22 -%define itsm_ver 6.0.22 +%define otrs_ver 6.0.24 +%define itsm_ver 6.0.24 %define itsm_min 6 %define otrs_root /srv/%{name} %define otrsdoc_dir_files AUTHORS* CHANGES* COPYING* CREDITS README* UPGRADING.SUSE doc @@ -245,6 +245,9 @@ # install OTRS base system cp -a . %{buildroot}/${DESTROOT} +# remove SECURITY.md +rm -f %{buildroot}/${DESTROOT}/SECURITY.md + for configFile in .fetchmailrc .mailfilter .procmailrc; do touch %{buildroot}/${DESTROOT}/${configFile} done @@ -387,7 +390,7 @@ %files %defattr(-,root,root,-) -%doc AUTHORS.md CHANGES.md COPYING* README* UPGRADING.SUSE +%doc AUTHORS.md CHANGES.md COPYING* README* SECURITY.md UPGRADING.SUSE %{otrs_root}/ARCHIVE %{otrs_root}/RELEASE %{otrs_root}/.bash_completion ++++++ itsm-6.0.22.tar.bz2 -> itsm-6.0.24.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/otrs/itsm-6.0.22.tar.bz2 /work/SRC/openSUSE:Factory/.otrs.new.6675/itsm-6.0.24.tar.bz2 differ: char 11, line 1 ++++++ otrs-6.0.22.tar.bz2 -> otrs-6.0.24.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/otrs/otrs-6.0.22.tar.bz2 /work/SRC/openSUSE:Factory/.otrs.new.6675/otrs-6.0.24.tar.bz2 differ: char 11, line 1
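Review bot: In the otrs.changes hunk (@@ -1,0 +2,32 @@), the 6.0.23 entry names the CVE-2019-16375 issue "Stored XXS"; that should be "Stored XSS", otherwise a search of the changelog for the vulnerability class misses the fix. In the same entry "when an agent compose an answer" should read "composes", and the 6.0.24 entry's "- Update 6.0.24" should match the "- Update to 6.0.23" form used below it. The CVE-2019-18179 text "in the queue where attacker doesn’t have permissions" is also missing an article before "attacker".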
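Review bot: In the otrs.spec hunk at @@ -245,6 +245,9 @@, the comment "# remove SECURITY.md" only repeats the rm -f line under it and gives no reason for dropping the file from the buildroot. Say why in the comment (presumably because the file is now shipped through %doc in the %files hunk, which is an inference from the visible lines). The 6.0.24 entry added to otrs.changes lists only the version update and the two CVE fixes, so this packaging change should also get its own line there.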
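Review bot: In the otrs.spec %files hunk (@@ -387,7 +390,7 @@), SECURITY.md is added to the hard-coded %doc list, while the otrsdoc_dir_files macro visible in the context of the @@ -23,8 +23,8 @@ hunk still reads "AUTHORS* CHANGES* COPYING* CREDITS README* UPGRADING.SUSE doc". Please check whether that macro is what the spec uses to handle documentation files under %{otrs_root}; if so, adding SECURITY.md there keeps the two lists in sync and makes the separate rm -f unnecessary.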