https://bugzilla.wikimedia.org/show_bug.cgi?id=22622
Martin Edenhofer <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #28 from Martin Edenhofer <[email protected]> 2012-09-05 10:38:10 UTC --- Update, I resent the NDA to Philippe now. To close the security issue on OTRS 2.4, you can do the following: a) Disable rich text via sysconfig or: b) install the following package via Admin -> Package Mananager https://github.com/downloads/znuny/Znuny4OTRS-CVE-2012-2582/Znuny4OTRS-CVE-2012-2582-1.2.3.opm and replace the following files: o Kernel/Modules/CustomerTicketAttachment.pm with version 1.17.2.7 http://source.otrs.org/viewvc.cgi/otrs/Kernel/Modules/CustomerTicketAttachment.pm?revision=1.17.2.7&view=co o Kernel/Modules/AgentTicketAttachment.pm with version 1.22.2.7 http://source.otrs.org/viewvc.cgi/otrs/Kernel/Modules/AgentTicketAttachment.pm?revision=1.22.2.7&view=co How can we proceed with the OTRS 3.1 upgrade? Who is the contact person? PS: In case you need more details to the security issues, see http://znuny.com/#!/advisory/ZSA-2012-01 and http://znuny.com/#!/advisory/ZSA-2012-02 -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
