Hi Martin, thank you for information. Cheers Chris Am 28.03.2011 10:52, schrieb Martin Gruner:
Hi Christian,
there was an advisory for another security issue which was fixed in OTRS 2.3.5, but also 2.1.9 and 2.2.9: http://otrs.org/advisory/OSA-2010-01-en/
Unfortunately, this advisory does not cover the issue described in the CVE you referenced. However, this issue is related to scripts/webform.pl, an example file which is not used by default in OTRS, and therefore not directly vulnerable from outside. For this file, the issue was also fixed in 2.3.5. As this is just plain perl example code and not related to the rest of the OTRS code, you can just exchange this file from a newer version of OTRS, like this version: http://source.otrs.org/viewvc.cgi/otrs/scripts/webform.pl?view=co&pathrev=re... http://source.otrs.org/viewvc.cgi/otrs/scripts/webform.pl?view=co&pathrev=re...
With best regards, mg
Am 25.03.11 16:16, schrieb Christian:
Hi,
about this issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0456
will there be a patch for the OTRS: 2.2 branch ?
Thanks for info Cheers
-- Christian --------------------------------------------------- Der ultimative shop für Sportbekleidung und Zubehör http://www.sc24.de ---------------------------------------------------