CVE-2017-16921 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16921): In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user. CVE-2017-16854 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16854): In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets.
@Maintainers please let us know when tree is clean. Thank you
I don't see otrs-packages smaller than www-apps/otrs-5.0.25 in portage right now. I have a working otrs-5.0.26.ebuild here (same as 5.0.25) and I am preparing a first otrs-6.0.3.ebuild. Unfortunately the upgrade from 5.x to 6.x needs some steps that I still have to script in a way.
CVE-2017-16854 is fixed via https://github.com/OTRS/otrs/commit/8748d040058695fda5c9cfcb2a78d8947ed4188d which is present in >=www-apps/otrs-5.0.25. CVE-2017-16921 is fixed via https://github.com/OTRS/otrs/commit/d433518d7bd8e9e079af67ef9ea7079cd2f59646 which is present in >=www-apps/otrs-5.0.25.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b65a13b5515413ad93155a165a9029a884804eef commit b65a13b5515413ad93155a165a9029a884804eef Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-01-02 19:11:16 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-01-02 19:11:52 +0000 www-apps/otrs: Security cleanup Bug: https://bugs.gentoo.org/640548 Package-Manager: Portage-2.3.19, Repoman-2.3.6 www-apps/otrs/Manifest | 1 - www-apps/otrs/otrs-5.0.23.ebuild | 154 --------------------------------------- 2 files changed, 155 deletions(-)}
Repository is now clean, all done.