Dear Community Members,

++++++++++ OTRS Security Advisory 2010-01 OTRS 2.4.7 ++++++++++


Release:            OTRS 2.4.7
Status:             stable
Code Name:          Aitutaki Beach


SECURITY FIXES:
===============

---------------------------------------------------------------
 OTRS Security Advisory 2010-01            <security@otrs.org>
---------------------------------------------------------------
 ID:         OSA-2010-01
 Date:       2010-02-08
 Title:      Vulnerability in OTRS-Core allows SQL-Injection
 Severity:   Critical
 Product:    OTRS 2.4.x, OTRS 2.3.x, OTRS 2.2.x, OTRS 2.1.x
 Fixed in:   OTRS 2.4.7, OTRS 2.3.5, OTRS 2.2.9, OTRS 2.1.9
 URL:        http://otrs.org/advisory/OSA-2010-01-en/
 CVE:        CVE-2010-0438
---------------------------------------------------------------

To read the entire Security Advisory please follow this link:

ENGLISH VERSION:

http://otrs.org/advisory/OSA-2010-01-en/

GERMAN VERSION:

http://otrs.org/advisory/OSA-2010-01-de/

BUG FIXES:
==========


* Bug# 4754 - Multiple tickets get created with a huge POP3 Mailbox -
              more then 2000 email in the box. Error message: ("Deep 
              recursion on subroutine").
              [ http://bugs.otrs.org/show_bug.cgi?id=4754 ]

* Bug# 4770 - Attachments are stripped/not shown from outgoing emails
              in some scenarios with ms exchange.
              [ http://bugs.otrs.org/show_bug.cgi?id=4770 ]

* Bug# 4735 - TicketFreeTime option in Customer frontend for ticket 
              search does not work as expected (only every second is 
              used).
              [ http://bugs.otrs.org/show_bug.cgi?id=4735 ]

* Bug# 4818 - Removed inline image of forwarded message and composing
              answers in agent interface are still included.
              [ http://bugs.otrs.org/show_bug.cgi?id=4818 ]

MD5 CHECKSUMS:
==============

b0bc7d2135431694e515515aedcb021c
15a26ee60b17b871b315e816c0634dfa
9688f2c41f03d59ea69beb8f8705c28f
24ce79ad1abf3ee7b3a1727af8833de9
fe310dd5c0d0bb800dccc1e970afeaa9
64d6f67049c4b147601545460f3d9897
578070ba8ddf62074eab0f43d17d5d3d
df273a147c9313ce8a4e46098131ab2b
6e02958ff98d56e09c36730852fe6dfe
1295255918f32150b35b73df1afd0b0c
d233b500ec996c00b284ce1d241ea172
f786229c8410435fd57630235d2fad24
0663b2e320f49eced27cd19e9de4b268
9440d68226f51a7b345132d25a11f1e3


DOWNLOAD FIXED RELEASES:
========================

http://otrs.org/releases/


YOUR CONTRIBUTION:
===================

* Please send information regarding vulnerabilities in OTRS to
  security@otrs.org.

* We kindly ask for your assistance to update the translation 
  files! The current status can be found here: 


FEEDBACK & BUG REPORTING: 
========================= 
Although OTRS 2.4.7 has been tested before, we appreciate
your contributions. As always, you’re encouraged to tell 
us what you think, using this feedback e-Mail: [enjoy at otrs.com
or by filing a bug in Bugzilla [http://bugs.otrs.org].

MEET US:
========

and get to know more about OTRS  at booth no. 517b from Feb 21-24, 2010!

CU@ CeBIT 2010 in Hannover (Germany) and get to know more 
about OTRS at booth no. C37, in hall 2 from March 2.-6., 2010!

--

((enjoy))

Hauke Jan Böttcher
Director Sales & Marketing

OTRS AG
Norsk-Data-Straße 1
61352 Bad Homburg
Germany

T: +49 (0) 6172 681988 0
F: +49 (0) 9421 56818 18
I:  http://www.otrs.com/

Business Location: Bad Homburg
Country Court: Bad Homburg, HRB 10751
VAT ID: DE256610065
Chairman: Burchard Steinbild
Managing Board: André Mindermann (CEO)