Description: A vulnerability has been reported in OTRS, which can be exploited by malicious users to disclose potentially sensitive information. The vulnerability is caused due to an error within the Kernel/Modules/AdminPackageManager.pm script, which can be exploited to disclose arbitrary local files. Successful exploitation requires administrator permissions and that at least one OTRS package is installed. The vulnerability is reported in versions prior to 2.4.11 and 3.0.10. Solution: Update to versions 2.4.11 or 3.0.10.
+ 19 Aug 2011; Patrick Lauer <patrick@gentoo.org> +otrs-3.0.10.ebuild: + Bump for #379855 I suggest masking/removing otrs 2.*, upstream doesn't plan to support it much longer, and we have seriously outdated versions. For the ppc keywords I've opened Bug #379863
+ 19 Aug 2011; Patrick Lauer <patrick@gentoo.org> -otrs-2.2.6.ebuild, + -otrs-2.3.3.ebuild, -otrs-3.0.7.ebuild, -otrs-3.0.9.ebuild: + Remove old So only 3.0.10 is left and no vulnerable version is left
Great, thank you, Patrick. Closing noglsa for ~arch package.
CVE-2011-2746 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2746): Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors.
