[ubuntu/zesty-security] otrs2 5.0.16-1+deb9u3build0.17.04.1 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Tue Nov 28 16:28:16 UTC 2017
otrs2 (5.0.16-1+deb9u3build0.17.04.1) zesty-security; urgency=medium
* fake sync from Debian
otrs2 (5.0.16-1+deb9u3) stretch-security; urgency=high
* Add patch 17-CVE-2017-16664:
This fixes OSA-2017-07, also known as CVE-2017-16664: An attacker who is
logged into OTRS as an agent can request special URLs from OTRS which can
lead to the execution of shell commands with the permissions of the web
server user.
Closes: #882370
Date: 2017-11-28 16:03:24.262745+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
https://launchpad.net/ubuntu/+source/otrs2/5.0.16-1+deb9u3build0.17.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Zesty-changes
mailing list