From ${URL} :

Security Advisory Details
ID: OSA-2014-06
Date: 2014-12-16
Title: Incomplete Access Control
Severity: low (Overall CVSS Score : 2.7)
Product: OTRS 3.2.x, 3.3.x, 4.0.x
Fixed in: OTRS 3.2.17, 3.3.11, 4.0.3
URL: [TBD]
FULL CVSS v2 VECTOR: (AV:N/AC:M/AU:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND)
References: CVE-2014-9324

@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
CVE-2014-9324 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9324): The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vectors.
Author: Ian Delaney <idella4@gentoo.org>
Date: Thu Oct 1 12:55:13 2015 +0800

www-apps/otrs: Designate new maintainer in metadata, bump to -4.0.12

New maintainer added & supported under the proxy-maintainers herd, testing and revision carried out thanks also to wraeth, fix to broken .png file applied according to past bug #466190 supplied by Blackb|rd, all patches and revisions of ebuilds supplied via bug cited below, releases after -3.2.12 skipped, holding off from beta versions of version 5.x for now, removed old versions prior to -3.2.12. Finally closes the gentoo bug.

commit 8719c0549974cef1a8f1d7b3362f1be35678b478
Author: Ian Delaney <idella4@gentoo.org>
Date: Mon Oct 5 16:04:44 2015 +0800

www-apps/otrs clean old version wrt bug #532912