Date: Sat, 30 Dec 2017 14:19:16 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 224729] www/otrs: Update to 5.0.26 (security)
Message-ID: <bug-224729-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224729

Bug ID: 224729
Summary: www/otrs: Update to 5.0.26 (security)
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: patch, security
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs@FreeBSD.org
Reporter: vidar@karlsen.tech
CC: m.tsatsenko@gmail.com
Flags: maintainer-feedback?(m.tsatsenko@gmail.com)

Created attachment 189220
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189220&action=edit
Proposed patch

OTRS 5.0.23 is vulnerable, as described in CVE-2017-16921:
https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
https://nvd.nist.gov/vuln/detail/CVE-2017-16921

Privilege Escalation: An attacker who is logged into OTRS as an agent can
manipulate form parameters and execute arbitrary shell commands with the
permissions of the OTRS or web server user.

The attached patch will update to 5.0.26.

portlint -C: looks fine

poudriere testport ok on:
10.3-RELEASE amd64
10.3-RELEASE i386
10.4-RELEASE amd64
10.4-RELEASE i386
11.1-RELEASE amd64
11.1-RELEASE i386

-- 
You are receiving this mail because:
You are the assignee for the bug.