Am Thu, Aug 05, 2021 at 09:19:14AM +0000 schrieb Debian FTP Masters:
> Source: otrs2
> Source-Version: 6.0.32-6
> Done: Patrick Matthäi <[email protected]>
>
> We believe that the bug you reported is fixed in the latest version of
> otrs2, which is due to be installed in the Debian FTP archive.
>
> A summary of the changes between this version and the previous one is
> attached.
>
> Thank you for reporting the bug, which will now be closed. If you
> have further comments please address them to [email protected],
> and the maintainer will reopen the bug report if appropriate.
>
> Debian distribution maintenance software
> pp.
> Patrick Matthäi <[email protected]> (supplier of updated otrs2 package)
>
> (This message was generated automatically at their request; if you
> believe that there is a problem with it please contact the archive
> administrators by mailing [email protected])
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Format: 1.8
> Date: Thu, 05 Aug 2021 10:37:30 +0200
> Source: otrs2
> Architecture: source
> Version: 6.0.32-6
> Distribution: unstable
> Urgency: high
> Maintainer: Patrick Matthäi <[email protected]>
> Changed-By: Patrick Matthäi <[email protected]>
> Closes: 991593
> Changes:
> otrs2 (6.0.32-6) unstable; urgency=high
> .
> * Add upstream patches to fix CVE-2021-36091, CVE-2021-21440 and
> CVE-2021-21443.
> Closes: #991593
Hi Patrick,
what about CVE-2021-36092, does that need to be split off to a separate
bug or is znuny as packaged in Debian not affected?
Cheers,
Moritz
