Changelog
otrs2 (6.0.13-1) unstable; urgency=high
* New upstream release.
- Fixes OSA-2018-07: An attacker who is logged into OTRS as a user may
manipulate the submission form to cause deletion of arbitrary files that
the OTRS web server user has write access to.
- Fixes OSA-2018-08: An attacker who is logged into OTRS as an admin user
may manipulate the URL to cause execution of JavaScript in the context of
OTRS.
- Fixes OSA-2018-09: An attacker who is logged into OTRS as an admin user
may manipulate the URL to cause execution of JavaScript in the context of
OTRS.
* Correct instructions to use the package manager.
Closes: #909160
* Merge 6.0.12-1~bpo9+1 and 5.0.16-1+deb9u6 changelog.
-- Patrick Matthäi <email address hidden> Fri, 09 Nov 2018 10:22:44 +0100