OTRS Security Advisory 2010-03: OTRS 2.4.9 released


Post by Andre Bauer »

Dear Community Members,

++++++++++ OTRS Security Advisory 2010-03 OTRS 2.4.9 ++++++++++


Release: OTRS 2.4.9
Status: stable
Code Name: Aitutaki Beach


SECURITY FIXES:
===============

---------------------------------------------------------------
OTRS Security Advisory 2010-03 <security@otrs.org>
---------------------------------------------------------------
ID: OSA-2010-03
Date: 2010-10-25
Title: AgentTicketZoom is vulnerable to XSS attacks from
HTML e-mails
Severity: Less critical
Product: OTRS 2.4.x
Fixed in: OTRS 2.4.9
URL: http://otrs.org/advisory/OSA-2010-03-en/
---------------------------------------------------------------

To read the entire Security Advisory please follow this link:

http://otrs.org/advisory/OSA-2010-03-en/


BUG FIXES:
==========


* Bug#6016 - AgentTicketZoom is vulnerable to XSS attacks from HTML
e-mails.
[ http://bugs.otrs.org/show_bug.cgi?id=6016 ]

* Bug#5903 - E-mail notification links don't contain <a href…
tags.
[ http://bugs.otrs.org/show_bug.cgi?id=5903 ]

* Bug#6030 - Event notifications get fired several times on
event "TicketFreeTextUpdate".
[ http://bugs.otrs.org/show_bug.cgi?id=6030 ]

* Bug#5941 - Error in Apache log occurred when no tickets and/or
customers are in the dashboard.
[ http://bugs.otrs.org/show_bug.cgi?id=5941 ]

* Bug#5541 - Dashboard Chart generates error in webserver log.
[ http://bugs.otrs.org/show_bug.cgi?id=5541 ]

* Bug#5462 - Kernel::System::Ticket::TicketEscalationIndexBuild()
does not invalidate the cache.
[ http://bugs.otrs.org/show_bug.cgi?id=5462 ]

* Bug#5667 - Rich Text is not working on iPad. It's not possible
to add a note or close a ticket.
[ http://bugs.otrs.org/show_bug.cgi?id=5667 ]

* Bug#5266 - Ticket Zoom shows wrong html content if there is no
text but two html attachments in there.
[ http://bugs.otrs.org/show_bug.cgi?id=5266 ]


MD5 CHECKSUMS:
==============


SOFTWARE DOWNLOAD:
===================

Please note that we have relaunched our website http://www.otrs.com.
The software can now be downloaded exclusively from:

* http://otrs.org/download/
* http://otrs.org/download/#otrs3
* ftp://ftp.otrs.org/pub/otrs/ (Germany/Hamburg)

A complete list of all download mirrors (ftp/http/rsync) is
available at http://otrs.org/download/

YOUR CONTRIBUTION:
===================

* Please send information regarding vulnerabilities in OTRS to
security@otrs.org.

* We kindly ask for your assistance to update the translation
files! The current status can be found here:
http://users.otrs.com/~me/i18n/


FEEDBACK & BUG REPORTING:
=========================
Although OTRS 2.4.9 has been tested before, we appreciate
your contributions. As always, you’re encouraged to tell
us what you think, using this feedback e-Mail: [enjoy at otrs.com]
or by filing a bug in Bugzilla [http://bugs.otrs.org].

--


Hauke Jan Böttcher
Director Marketing

xxx
Norsk-Data-Straße 1
61352 Bad Homburg
Germany

T: +49 (0) 6172 681988 0
F: +49 (0) 9421 56818 18
I: http://www.otrs.com/

Business Location: Bad Homburg
Country Court: Bad Homburg, HRB 10751
VAT ID: DE256610065
Chairman: Burchard Steinbild
Managing Board: André Mindermann (CEO)