[ubuntu/zesty-security] otrs2 5.0.16-1+deb9u3build0.17.04.1 (Accepted)

Tyler Hicks tyhicks at canonical.com
Tue Nov 28 16:28:16 UTC 2017

otrs2 (5.0.16-1+deb9u3build0.17.04.1) zesty-security; urgency=medium

  * fake sync from Debian

otrs2 (5.0.16-1+deb9u3) stretch-security; urgency=high

  * Add patch 17-CVE-2017-16664:
    This fixes OSA-2017-07, also known as CVE-2017-16664: An attacker who is
    logged into OTRS as an agent can request special URLs from OTRS which can
    lead to the execution of shell commands with the permissions of the web
    server user.
    Closes: #882370

Date: 2017-11-28 16:03:24.262745+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Zesty-changes mailing list