[IT-SecurityNotifies] [announce] OTRS Security Advisory 2010-03: OTRS 2.4.9 (Aitutaki Beach)
- From: Hauke Böttcher <hauke.boettcher AT otrs.com>
- To: announce AT otrs.org
- Subject: [IT-SecurityNotifies] [announce] OTRS Security Advisory 2010-03: OTRS 2.4.9 (Aitutaki Beach)
- Date: Mon, 25 Oct 2010 22:47:11 +0200
- List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
- List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
Dear Community Members,
++++++++++ OTRS Security Advisory 2010-03 OTRS 2.4.9 ++++++++++
Release: OTRS 2.4.9
Status: stable
Code Name: Aitutaki Beach
SECURITY FIXES:
===============
---------------------------------------------------------------
ID: OSA-2010-03
Date: 2010-10-25
Title: AgentTicketZoom is vulnerable to XSS attacks from
HTML e-mails
Severity: Less critical
Product: OTRS 2.4.x
Fixed in: OTRS 2.4.9
---------------------------------------------------------------
To read the entire Security Advisory please follow this link:
BUG FIXES:
==========
* Bug#6016 - AgentTicketZoom is vulnerable to XSS attacks from HTML
e-mails.
* Bug#5903 - E-mail notification links don't contain <a href…
tags.
* Bug#6030 - Event notifications get fired several times on
event "TicketFreeTextUpdate".
* Bug#5941 - Error in Apache log occurred when no tickets and/or
customers are in the dashboard.
* Bug#5541 - Dashboard Chart generates error in webserver log.
* Bug#5462 - Kernel::System::Ticket::TicketEscalationIndexBuild()
does not invalidate the cache.
* Bug#5667 - Rich Text is not working on iPad. It's not possible
to add a note or close a ticket.
* Bug#5266 - Ticket Zoom shows wrong HTML content if there is no
text but two HTML attachments in there.
MD5 CHECKSUMS:
==============
2fcf15fe8a7e7413dd8aa69d0a7420e7
SOFTWARE DOWNLOAD:
===================
Please note that we have relaunched our website www.otrs.com.
The software can now be downloaded exclusively
A complete list of all download mirrors (ftp/http/rsync) is
available at http://otrs.org/download/
YOUR CONTRIBUTION:
===================
* Please send information regarding vulnerabilities in OTRS to
* We kindly ask for your assistance to update the translation
files! The current status can be found here:
FEEDBACK & BUG REPORTING:
=========================
Although OTRS 2.4.9 has been tested before, we appreciate
your contributions. As always, you’re encouraged to tell
or by filing a bug in Bugzilla [http://bugs.otrs.org].
--
Hauke Jan Böttcher
Director Marketing
OTRS AG
Norsk-Data-Straße 1
61352 Bad Homburg
Germany
T: +49 (0) 6172 681988 0
F: +49 (0) 9421 56818 18
I: http://www.otrs.com/
Business Location: Bad Homburg
Country Court: Bad Homburg, HRB 10751
VAT ID: DE256610065
Chairman: Burchard Steinbild
Managing Board: André Mindermann (CEO)
OTRS mailing list: announce - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/announce
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/announce