Summary: | <www-apps/otrs-{2.4.11,3.0.10} File Disclosure Vulnerability (CVE-2011-2746) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | |
Severity: | trivial | CC: | patrick, web-apps |
Priority: | Normal | |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
URL: | http://otrs.org/advisory/OSA-2011-03-en/ | |
Whiteboard: | ~4 [noglsa] | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 379863 | |
Bug Blocks: | | |
Description
Agostino Sarubbo
2011-08-19 11:03:12 UTC
+ 19 Aug 2011; Patrick Lauer <patrick@gentoo.org> +otrs-3.0.10.ebuild:
+ Bump for #379855

I suggest masking/removing otrs 2.*, upstream doesn't plan to support it much longer, and we have seriously outdated versions. For the ppc keywords I've opened Bug #379863.

+ 19 Aug 2011; Patrick Lauer <patrick@gentoo.org> -otrs-2.2.6.ebuild,
+ -otrs-2.3.3.ebuild, -otrs-3.0.7.ebuild, -otrs-3.0.9.ebuild:
+ Remove old

So only 3.0.10 is left and no vulnerable version is left.

Great, thank you, Patrick. Closing noglsa for ~arch package.

CVE-2011-2746 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2746): Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors.