Summary: | <www-apps/otrs-5.0.25: Multiple vulnerabilities (CVE-2017-{16854,16921}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | lists, proxy-maint, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~2 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2017-12-10 16:30:10 UTC
@Maintainers please let us know when tree is clean. Thank you I don't see otrs-packages smaller than www-apps/otrs-5.0.25 in portage right now. I have a working otrs-5.0.26.ebuild here (same as 5.0.25) and I am preparing a first otrs-6.0.3.ebuild. Unfortunately the upgrade from 5.x to 6.x needs some steps that I still have to script in a way. CVE-2017-16854 is fixed via https://github.com/OTRS/otrs/commit/8748d040058695fda5c9cfcb2a78d8947ed4188d which is present in >=www-apps/otrs-5.0.25. CVE-2017-16921 is fixed via https://github.com/OTRS/otrs/commit/d433518d7bd8e9e079af67ef9ea7079cd2f59646 which is present in >=www-apps/otrs-5.0.25. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b65a13b5515413ad93155a165a9029a884804eef commit b65a13b5515413ad93155a165a9029a884804eef Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-01-02 19:11:16 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-01-02 19:11:52 +0000 www-apps/otrs: Security cleanup Bug: https://bugs.gentoo.org/640548 Package-Manager: Portage-2.3.19, Repoman-2.3.6 www-apps/otrs/Manifest | 1 - www-apps/otrs/otrs-5.0.23.ebuild | 154 --------------------------------------- 2 files changed, 155 deletions(-)} Repository is now clean, all done. |