lp:debian/squeeze/otrs2
- Get this branch:
- bzr branch lp:debian/squeeze/otrs2
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 42. By Patrick Matthäi <email address hidden>
* Add patch 23-security-osa-2014-01 which fixes CVE-2014-1694, also known as
OSA-2014-01:
An attacker that managed to take over the session of a logged in customer
could create tickets and/or send follow-ups to existing tickets due to
missing challenge token checks.
* Add patch 24-security-osa-2014-02 which fixes CVE-2014-1471, also known as
OSA-2014-02:
An attacker with a valid customer or agent login could inject SQL in
the ticket search URL.
- 41. By Patrick Matthäi <email address hidden>
[ Salvatore Bonaccorso ]
* Add 19-security-osa-2012-03.diff patch.
CVE-2012-4751: Fix XSS vulnerability. An attacker could send a specially
prepared HTML email to OTRS which would cause JavaScript code to be
executed in user's browser while displaying the email.
* Add 20-security-osa-2013-01.diff.
CVE-2013-2625: Fix privilege escalation in object linking handling. An
attacker with a valid agent login could manipulate URLs in the object
linking mechanism to see titles of tickets and other objects that are
not obliged to be seen. Furthermore, links to objects without permission
can be placed and removed.
[ Patrick Matthäi ]
* Add 21-security-osa-2013-04.diff.
CVE-2013-4088: An attacker with a valid agent login could manipulate URLs
in the ticket watch mechanism to see contents of tickets they are not
permitted to see.
* Add 22-security-osa-2013-05.diff.
CVE-2013-4717: An attacker with a valid agent login could manipulate URLs
leading to SQL injection.
- 40. By Patrick Matthäi <email address hidden>
* Add upstream patch 17-security-osa-2012-01 from OSA-2012-01, which fixes a
XSS vulnerability described in CVE-2012-2582 when using the Internet
Explorer on viewing e-mails.
* Add upstream patch 18-security-tag-nesting to improve HTML security to
detect tag nesting.
- 39. By Patrick Matthäi <email address hidden>
[ Thomas Mueller ]
* Add security patch:
- 16-security-osa-2011-01.diff
* Title: Several XSS attacks possible
* CVE: CVE-2011-1518
* Upstream information: http://otrs.org/advisory/OSA-2011-01-en/
[ Patrick Matthäi ]
* Fix bug with upgrades from Lenny to Squeeze, because of a missing sanity
check in preinst.
Closes: #625605
- 38. By Patrick Matthäi <email address hidden>
* Change debian/watch, to only show 2.x.x releases.
* Do not rely on umask. Set the needed mode explicitly in debian/postinst.
- 37. By Patrick Matthäi <email address hidden>
* Fix an error (unknown command in postinst) with initial installations, if
postgres is used as backend. Thanks to Munroe Sollog for providing
additional information.
* ZZZAuto.pm is not available with new installations, where OTRS later fails.
Again much thanks to Munroe Sollog for helping to debug and test it!
Closes: #601734
- 36. By Patrick Matthäi <email address hidden>
* New upstream release.
- Fixes a XSS attack in AgentTicketZoom from HTML e-mails described in
OSA-2010-03.
- 35. By Patrick Matthäi <email address hidden>
* New upstream bugfix releases.
- Refreshed patches 13-dont-chown-links.diff and 05-opt.diff.
- Fixes multiple XSS and denial of service vulnerabilities mentioned in
OSA-2010-02.
- 34. By Patrick Matthäi <email address hidden>
* Strip out yui from the source in the dfsg version.
Closes: #591196
* Depend on libjs-yui and link to this package, instead of using the embedded
yui version. This change makes the flash ticket statistics unusable!
Closes: #592146
- 33. By Patrick Matthäi <email address hidden>
* Bump Standards-Version to 3.9.1 (no changes needed).
* Remove quilt from build depends.
* Move libdbd-mysql-perl | libdbd-pg-perl, libgd-text-perl and
libgd-graph-perl packages from recommends to depends.
Closes: #591003
* Replace hardcoded perl dependency with ${perl:Depends}.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/otrs2