Hello community,
here is the log from the commit of package otrs for openSUSE:11.2
checked in at Fri Apr 1 10:42:49 CEST 2011.
--------
--- old-versions/11.2/UPDATES/all/otrs/otrs.changes 2010-07-07 16:49:22.000000000 +0200
+++ 11.2/otrs/otrs.changes 2011-03-31 17:01:55.000000000 +0200
@@ -1,0 +2,9 @@
+Thu Mar 31 14:54:19 UTC 2011 - chris@computersalat.de
+
+- fix for CVE-2011-0456 [bnc#679292]
+ o added CVE-2011-0456 patch
+ o This issue is related to scripts/webform.pl, an example file which
+ is not used by default in OTRS, and therefore not directly
+ vulnerable from outside.
+
+-------------------------------------------------------------------
calling whatdependson for 11.2-i586
New:
----
otrs-2.2.6-CVE-2011-0456.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ otrs.spec ++++++
--- /var/tmp/diff_new_pack.jlQ3Ai/_old 2011-04-01 10:41:00.000000000 +0200
+++ /var/tmp/diff_new_pack.jlQ3Ai/_new 2011-04-01 10:41:00.000000000 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package otrs (Version 2.2.6)
+# spec file for package otrs
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
Name: otrs
Version: 2.2.6
-Release: 46.<RELEASE3>
+Release: 46.<RELEASE5>
License: GPLv2+
Group: Productivity/Networking/Email/Utilities
Url: http://otrs.org/
@@ -33,6 +33,9 @@
Patch: otrs-init.diff
Patch1: otrs-nochown.diff
Patch2: otrs-2.2-OSA-2010-01.diff
+# patch for CVE-2011-0456
+# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0456
+Patch3: otrs-2.2.6-CVE-2011-0456.patch
Summary: Open Ticket Request System
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: pwdutils
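Review bot: The license of the patched file no longer matches the package metadata. The patch registered here as `Patch3` rewrites the header of scripts/webform.pl to the GNU Affero GPL version 3, while the spec still declares `License: GPLv2+`. The patch appears to import upstream revision 1.14 of the file rather than a minimal fix, which also makes the security-relevant change harder to pick out in an audit. Either reduce the patch to the lines that address CVE-2011-0456 or update the License tag to cover the file. The comment above Patch3 could also name the tracker entry, e.g. `# patch for CVE-2011-0456 [bnc#679292]`.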
@@ -181,6 +184,7 @@
%patch -p1
%patch1
%patch2
+%patch3 -p1
find -name ".cvsignore" -type f | xargs rm -fv
%build
++++++ otrs-2.2.6-CVE-2011-0456.patch ++++++
diff -ruN otrs-2.2.6-orig/scripts/webform.pl otrs-2.2.6/scripts/webform.pl
--- otrs-2.2.6-orig/scripts/webform.pl 2007-02-07 06:27:22.000000000 +0100
+++ otrs-2.2.6/scripts/webform.pl 2009-02-20 13:05:54.000000000 +0100
@@ -2,50 +2,57 @@
# --
# webform.pl - a simple web form script to generate email with
# X-OTRS-Queue header for an OTRS system (x-headers for dispatching!).
-# Copyright (C) 2001-2007 OTRS GmbH, http://otrs.org/
+# Copyright (C) 2001-2009 OTRS AG, http://otrs.org/
# --
-# $Id: webform.pl,v 1.8 2007/02/07 05:27:22 tr Exp $
+# $Id: webform.pl,v 1.14 2009/02/20 12:05:54 mh Exp $
# --
# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
+# it under the terms of the GNU AFFERO General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
-# You should have received a copy of the GNU General Public License
+# You should have received a copy of the GNU Affero General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# or see http://www.gnu.org/licenses/agpl.txt.
# --
use strict;
+use warnings;
+
# to get the errors on screen
use CGI::Carp qw(fatalsToBrowser);
+
# Simple Common Gateway Interface Class
use CGI;
-my $VERSION = '$Revision: 1.8 $';
-$VERSION =~ s/^\$.*:\W(.*)\W.+?$/$1/;
+my $VERSION = qw($Revision: 1.14 $) [1];
# --------------------------
# web form options
# --------------------------
my $Ident = 'ahfiw2Fw32r230dddl2foeo3r';
+
# sendmail location and options
-my $Sendmail = '/usr/sbin/sendmail -t -i -f ';
+my $Sendmail = '/usr/sbin/sendmail -t -i -f';
+
# email where the emails of the form will send to
my $OTRSEmail = 'otrs-system@example.com';
+
# topics and dest. queues
my %Topics = (
+
# topic => OTRS queue
- 'Info' => 'info',
- 'Support' => 'support',
- 'Bugs' => 'bugs',
- 'Sales' => 'sales',
- 'Billing' => 'billing',
+ 'Info' => 'info',
+ 'Support' => 'support',
+ 'Bugs' => 'bugs',
+ 'Sales' => 'sales',
+ 'Billing' => 'billing',
'Webmaster' => 'webmaster',
);
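Review bot: `$Sendmail` is still a single command string that ends in `-f`, so the sender address is presumably concatenated onto it by code outside this hunk and run through a shell. Dropping the trailing space does not show whether that address is validated before use. Holding the command as a list, `my @Sendmail = ('/usr/sbin/sendmail', '-t', '-i', '-f');`, and opening the pipe in list form would keep form input away from the shell whatever the later validation does. If the string form stays, a comment here should state the constraint, e.g. `# the address appended after -f must be a validated e-mail address, never raw form input`.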
@@ -54,17 +61,23 @@
# --------------------------
sub Header {
- my %Param = @_;
- (my $Output = <