- Committer: Package Import Robot
- Author(s): Patrick Matthäi
- Date: 2014-02-20 13:33:07 UTC
- Revision ID: package-import@ubuntu.com-20140220133307-p9r5z5mjwgwgesop
- Tags: 2.4.9+dfsg1-3+squeeze5

* Add patch 23-security-osa-2014-01 which fixes CVE-2014-1694, also known as
  OSA-2014-01:
  An attacker that managed to take over the session of a logged in customer
  could create tickets and/or send follow-ups to existing tickets due to
  missing challenge token checks.
* Add patch 24-security-osa-2014-02 which fixes CVE-2014-1471, also known as
  OSA-2014-02:
  An attacker with a valid customer or agent login could inject SQL in
  the ticket search URL.