Bug 828850 (CVE-2013-4717) - VUL-0: CVE-2013-4717 CVE-2013-4718 otrs: Security Advisory 2013-05
Summary: VUL-0: CVE-2013-4717 CVE-2013-4718 otrs: Security Advisory 2013-05
Status: RESOLVED FIXED
Alias: CVE-2013-4717
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-07-10 11:48 UTC by Marcus Meissner
Modified: 2013-08-14 01:08 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2013-07-10 11:48:48 UTC 
public, via christian ;)

Betreff:        [announce] OTRS Security Advisory 2013-05 OTRS Help Desk
3.2.9, 3.1.18, 3.0.22 and OTRS ITSM 3.0.9, 3.1.10, 3.2.7
Datum:  Fri, 5 Jul 2013 16:39:07 +0200
Von:    Annalena Navarro von Starck <annalena.vonstarck@otrs.com>
Antwort an:     Announcements about OTRS.org <announce@otrs.org>
An:     announce@otrs.org



+++++++++ OTRS Security Advisory 2013-05 OTRS Help Desk 3.2.9, 3.1.18,
3.0.22 and OTRS ITSM 3.2.7, 3.1.10, 3.0.9 +++++++++

Releases:OTRS Help Desk 3.2.9, 3.1.18, 3.0.22
OTRS ITSM 3.2.7, 3.1.10, 3.0.9
Release date:9-July-2013
Status:                 Patch Level Release


SECURITY FIXES:
==============

------------------------------------------------------------------
OTRS Security Advisory 2013-05<security at otrs.org
<mailto:security@otrs.org>>
------------------------------------------------------------------
ID: OSA-2013-05
Date: 2013-07-09
Title: SQL Injection + XSS Issue
Severity: Medium (Overall CVSS Score SQL Injection: 3.6, CVSS Score XSS:
4.2)
Fixed in: OTRS Help Desk 3.2.9, 3.1.18, 3.0.22, OTRS ITSM 3.2.7, 3.1.10,
3.0.9
URL:
http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-05/
CVE: CVE-2013-4717 - SQL Injection
CVE-2013-4718 - XSS


To read the entire Security Advisory please follow this link.

http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-05/
Comment 1 Swamp Workflow Management 2013-07-10 22:00:23 UTC 
bugbot adjusting priority
Comment 2 Marcus Meissner 2013-07-26 08:43:35 UTC 
Chris? are you going to submit updates?
Comment 3 Christian Wittmer 2013-07-27 00:37:59 UTC 
ongoinf work
Comment 4 Christian Wittmer 2013-07-27 00:46:42 UTC 
update for otrs.openSUSE_12.2_Update prepared
Comment 5 Christian Wittmer 2013-07-27 00:56:18 UTC 
update for otrs.openSUSE_12.3_Update prepared
Comment 6 Christian Wittmer 2013-07-27 01:13:34 UTC 
Created maintenance release request
Comment 7 Bernhard Wiedemann 2013-07-27 02:00:08 UTC 
This is an autogenerated message for OBS integration:
This bug (828850) was mentioned in
https://build.opensuse.org/request/show/184467 Factory / otrs
https://build.opensuse.org/request/show/184468 Maintenance /
Comment 8 Marcus Meissner 2013-08-13 21:00:14 UTC 
released
Comment 9 Swamp Workflow Management 2013-08-14 01:08:19 UTC 
openSUSE-SU-2013:1338-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 828850
CVE References: CVE-2013-2625,CVE-2013-2637,CVE-2013-3551,CVE-2013-4088,CVE-2013-4717,CVE-2013-4718
Sources used:
openSUSE 12.3 (src):    otrs-3.1.18-26.5.1
openSUSE 12.2 (src):    otrs-3.1.18-20.17.1