From ${URL} :

Description

Some vulnerabilities have been reported in OTRS and OTRS ITSM, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

1) Certain unspecified input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Certain input related to the ITSM ConfigItem search is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

Please see the vendor's advisory for affected products and versions.

Solution: Update to a fixed version.

Further details available to Secunia VIM customers

Provided and/or discovered by: Reported by the vendor.

Original Advisory: http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-05/

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Fixed in 3.1.18, 3.2.9, need a version bump.
3.2.9 is in the tree. @maintainers: please clean up vulnerable versions.
No stable versions for this package, so reassigning ~3. @Maintainers: Please clean up vulnerable versions (and ACK doing so on this bug report). Setting upstream+; Maintainer timeout in 30 days.
Cleanup done.