-
otrs2 (6.0.29-1) unstable; urgency=high
  * New upstream release.
    - Fixes CVE-2020-1776, also known as OSA-2020-13: When an agent user is
      renamed or set to invalid the session belonging to the user is kept
      active. The session cannot be used to access ticket data in the case the
      agent is invalid.
  * Add missing dependency on libmoo-perl.
  * Adjust many lintian overrides.
  * Replace shebangs with /usr/bin/perl.
  * Don't install examples anymore.
 -- Patrick Matthäi <email address hidden>  Tue, 21 Jul 2020 10:25:01 +0200
-
otrs2 (6.0.28-2) unstable; urgency=medium
  * Replace old ttf-dejavu dependencies with fonts-dejavu-extra and adjust the
    paths to the fonts.
    Closes: #961390
 -- Patrick Matthäi <email address hidden>  Tue, 02 Jun 2020 10:07:56 +0200
-
otrs2 (6.0.28-1) unstable; urgency=high
  * New upstream release.
    - Fixes CVE-2020-1774, also known as OSA-2020-11: When a user downloads
      PGP or S/MIME keys/certificates, the exported file has the same name for
      private and public keys. Therefore it’s possible to mix them and to send
      private key to the third-party instead of public key.
      Closes: #959448
  * Add new dependency libmath-random-secure-perl.
  * Upgrade to debhelper-compat 13.
 -- Patrick Matthäi <email address hidden>  Mon, 04 May 2020 13:32:51 +0200
-
otrs2 (6.0.27-1) unstable; urgency=high
  * New upstream release.
    - Fixes CVE-2020-1773, also known as OSA-2020-10: It is possible that an
      authenticated user guesses other session IDs based on its own. Also it is
      possible to guess a password reset token or an automated password
      generated.
 -- Patrick Matthäi <email address hidden>  Tue, 31 Mar 2020 10:46:34 +0200
-
otrs2 (6.0.26-1) unstable; urgency=high
  * New upstream release.
    - Fixes CVE-2019-11358, also known as OSA-2020-05: OTRS uses jQuery version
      3.2.1, which is vulnerable to the prototype pollution attack.
 -- Patrick Matthäi <email address hidden>  Fri, 07 Feb 2020 15:27:15 +0100