-
otrs2 (2.4.9+dfsg1-3+squeeze3build0.11.04.1) natty-security; urgency=low
* fake sync from Debian
otrs2 (2.4.9+dfsg1-3+squeeze3) stable-security; urgency=high
* Add upstream patch 17-security-osa-2012-01 from OSA-2012-01, which fixes a
XSS vulnerability described in CVE-2012-2582 when using the Internet
Explorer on viewing e-mails.
* Add upstream patch 18-security-tag-nesting to improve HTML security to
detect tag nasting.
-- Tyler Hicks <email address hidden> Fri, 07 Sep 2012 09:56:33 -0700
-
otrs2 (2.4.9+dfsg1-3+squeeze1build0.11.04.1) natty-security; urgency=low
* fake sync from Debian
otrs2 (2.4.9+dfsg1-3+squeeze1) stable-security; urgency=high
[ Thomas Mueller ]
* Add security patch:
- 16-security-osa-2011-01.diff
* Title: Several XSS attacks possible
* CVE: CVE-2011-1518
* Upstream information: http://otrs.org/advisory/OSA-2011-01-en/
[ Patrick Matthäi ]
* Fix bug with upgrades from Lenny to Squeeze, because of an missing sanity
check in preinst.
Closes: #625605
-- Jamie Strandboge <email address hidden> Fri, 10 Jun 2011 15:15:09 -0500
-
otrs2 (2.4.9+dfsg1-3) unstable; urgency=low
* Change debian/watch, to only show 2.x.x releases.
* Do not rely on umask. Set the needed mode explicitly in debian/postinst.
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 29 Nov 2010 11:25:50 +0000
-
otrs2 (2.4.9+dfsg1-2) unstable; urgency=high
* Fix an error (unknown command in postinst) with initial installations, if
postgres is used as backend. Thanks to Munroe Sollog for providing
additional information.
* ZZZAuto.pm is not available with new installations, where OTRS later fails.
Again much thanks to Munroe Sollog for helping to debug and test it!
Closes: #601734
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 09 Nov 2010 09:45:22 +0000
-
otrs2 (2.4.9+dfsg1-1) unstable; urgency=high
* New upstream release.
- Fixes a XSS attack in AgentTicketZoom from HTML e-mails described in
OSA-2010-03.
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 29 Oct 2010 14:30:15 +0000
-
otrs2 (2.4.8+dfsg1-1) unstable; urgency=medium
* New upstream bugfix releases.
- Refreshed patches 13-dont-chown-links.diff and 05-opt.diff.
- Fixes multiple XSS and denial of service vulnerabilities mentioned in
OSA-2010-02.
-- Ubuntu Archive Auto-Sync <email address hidden> Fri, 15 Oct 2010 09:52:59 +0000
-
otrs2 (2.4.7+dfsg1-1) unstable; urgency=high
* Strip out yui from the source in the dfsg version.
Closes: #591196
* Depend on libjs-yui and link to this package, instead of using the embedded
yui version. This changes make the flash ticket statistics unuseable!
Closes: #592146
otrs2 (2.4.7-6) unstable; urgency=high
* Bump Standards-Version to 3.9.1 (no changes needed).
* Remove quilt from build depends.
* Move libdbd-mysql-perl | libdbd-pg-perl, libgd-text-perl and
libgd-graph-perl packages from recommends to depends.
Closes: #591003
* Replace hardcoded perl dependency with ${perl:Depends}.
-- Alessio Treglia <email address hidden> Mon, 09 Aug 2010 19:43:44 +0200
