| Summary: | <www-apps/otrs-5.0.15: Stored CSS Vulnerability | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | lists, proxy-maint, web-apps |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://www.otrs.com/security-advisory-2016-02-security-update-otrs/ | ||
| Whiteboard: | ~4 [noglsa] | ||
| Package list: | | Runtime testing required: | --- |

otrs-5.0.14.ebuild running OK here. Same ebuild as the releases before. See bug https://bugs.gentoo.org/show_bug.cgi?id=563580 for reference.

@ Stefan: Please submit a PR so we can review/proceed.

Please advise where and how to submit the PR. You want to pull the ebuild from my repo?

Stefan, please see https://wiki.gentoo.org/wiki/Gentoo_Github for details. You basically create a PR against the repository at https://github.com/gentoo/gentoo.

Package was updated, no stabilization needed because package was never stable. Repository is clean. All done.

From ${URL}:

An attacker could trick an authenticated agent or customer into opening a malicious attachment which could lead to the execution of JavaScript in OTRS context.

Fixed in: OTRS 3.3.16, 4.0.19, 5.0.14

@maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.