Page MenuHomePhabricator
Create Task
Maniphest T114132

Apply security patch to OTRS (Scheduler Process ID File Access vulnerability)
Closed, DeclinedPublic
Actions

Description

Please see the latest OTRS security advisory, published today, at https://www.otrs.com/security-advisory-2015-02-scheduler-process-id-file-access/. We are currently running OTRS 3.2.14. The vulnerability is fixed in 3.2.18. In the past, @Jgreen has performed such security-related patch-level updates a few times, which all went flawless from what I remember.

Related Objects

Event Timeline

pajz created this task.Sep 29 2015, 4:25 PM
pajz raised the priority of this task from to Needs Triage.
pajz updated the task description. (Show Details)
pajz added a project: Znuny.
pajz added subscribers: pajz, Jgreen.
Restricted Application added subscribers: Rjd0060, Steinsplitter, Aklapper. · View Herald TranscriptSep 29 2015, 4:25 PM
Jgreen triaged this task as High priority.Sep 29 2015, 5:16 PM
Jgreen added a project: acl*sre-team.
Jgreen set Security to None.
Restricted Application added a subscriber: Matanya. · View Herald TranscriptSep 29 2015, 5:16 PM
Steinsplitter moved this task from Incoming to Backlog (high priority) on the Znuny board.Oct 11 2015, 11:25 AM
Aklapper added a subscriber: Security-Team.Oct 12 2015, 3:16 PM

@Jgreen / SRE: is there a vague timeframe / ETA?

faidon closed this task as Declined.Oct 26 2015, 8:12 PM
faidon claimed this task.
faidon subscribed.

We'll upgrade OTRS to a newer major release instead, as work for this was already underway when this security vulnerability appeared and the vulnerability is minor. That work is almost done and is being tracked with T74109.

Restricted Application added a subscriber: Matthewrbowker. · View Herald TranscriptOct 26 2015, 8:12 PM
Keegan moved this task from Backlog (high priority) to Resolved on the Znuny board.Apr 4 2016, 10:06 PM
Aklapper removed a subscriber: Security-Team.Jun 29 2023, 2:25 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL