Thanks Martin. Mark On Apr 17, 2007, at 12:46 AM, Martin Edenhofer wrote:
Hi Mark,
just use this patch. It's against OTRS 1.3.2 and will fix the security problem. :)
http://users.otrs.com/~me/otrs-1.3.2-OSA-2005-01-patch.diff
Greetings from Germany,
Martin Edenhofer
((otrs)) :: OTRS GmbH :: Europaring 4 :: D - 94315 Straubing Fon: +49 (0) 9421 56818 0 :: Fax: +49 (0) 9421 56818 18 http://www.otrs.com/ :: Communication with success!
Mark D. Wallace schrieb:
Ok, I think i've found where the security changes in 1.3.2 were made. In the release notes it states: 1.3.3 (2005-10-20) - (2005/10/17) added security bugfix for missing SQL quote
And I believe the file that the changes were made in is System/DB.pm.
I would kindly ask that any developer that worked on this verify where the changes were made to fix the security problems with 1.3.2. We are going to upgrade our installation eventually, but we have made a number of customizations that will take a while to migrate, so in the meantime we need to patch our version of 1.3.2. Thanks for your help.
Mark
On Apr 12, 2007, at 5:41 PM, Mark D. Wallace wrote:
We are running 1.3.2 and have made many mods to the code all the way to the system files. The issues related to security in 1.3.2 are a top issue for us now. I would like to know if there is a set of patches that can fix this problem for OTRS 1.3.2, or are there other suggestions that would expedite getting our installation secure as soon as possible.
Thanks, Mark Wallace
_______________________________________________ OTRS mailing list: dev - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/dev To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev