diff -u otrs2-2.3.4/debian/changelog otrs2-2.3.4/debian/changelog
--- otrs2-2.3.4/debian/changelog
+++ otrs2-2.3.4/debian/changelog
@@ -1,3 +1,9 @@
+otrs2 (2.3.4-1ubuntu1) karmic; urgency=high
+
+ * Kernel/System/Ticket.pm: Fixed CVE-2010-0438
+
+ -- Tomas Zatko Wed, 17 Feb 2010 18:01:28 +0100
+
 otrs2 (2.3.4-1) unstable; urgency=low
 
 * New upstream release
only in patch2:
unchanged:
--- otrs2-2.3.4.orig/Kernel/System/Ticket.pm
+++ otrs2-2.3.4/Kernel/System/Ticket.pm
@@ -3284,7 +3284,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ')';
@@ -3312,7 +3312,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ") AND th.history_type_id = $ID ";
@@ -3340,7 +3340,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ')';
@@ -3369,7 +3369,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ") AND th.history_type_id = $ID ";
@@ -3433,7 +3433,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ')';
@@ -3447,7 +3447,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ')';
@@ -3461,7 +3461,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ')';
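Review bot: The value returned by `Quote($_, 'Integer')` is appended to `$SQLExt` without being checked, here at 3284 and in the identical loop body of every other Ticket.pm hunk in this patch. Quote's implementation is not visible in this diff; if its 'Integer' mode returns undef or an empty string for a non-numeric value, the IN list ends up malformed (for example an empty slot between two commas) and the search fails with a database error instead of a clean rejection. I would capture the result first, `my $Value = $Self->{DBObject}->Quote($_, 'Integer');` followed by `return if !defined $Value;`, and only then append `$Value`. The enclosing loop and sub begin outside the hunk, so whether these IDs are validated earlier cannot be confirmed from here.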
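Review bot: `$ID` is still interpolated directly into the statement in the context line `$SQLExt .= ") AND th.history_type_id = $ID ";`, here at 3312 and again in the hunks at 3369, 3477, 3550 and 3674, while the list values next to it now go through the integer check. Where `$ID` is assigned lies outside the hunk, so it may well come from an internal lookup rather than request data, but that cannot be confirmed from the diff. Passing it through the same call, `$Self->{DBObject}->Quote($ID, 'Integer')`, would keep the clause safe regardless of its source and make the fix uniform across the whole WHERE fragment.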
@@ -3477,7 +3477,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ") AND th.history_type_id = $ID ";
@@ -3519,7 +3519,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ')';
@@ -3550,7 +3550,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ") AND th.history_type_id = $ID ";
@@ -3645,7 +3645,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ')';
@@ -3674,7 +3674,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ") AND th.history_type_id = $ID ";
@@ -3702,7 +3702,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ')';
@@ -3729,7 +3729,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ')';
@@ -3743,7 +3743,7 @@
 if ($Exists) {
 $SQLExt .= ',';
 }
- $SQLExt .= $Self->{DBObject}->Quote($_);
+ $SQLExt .= $Self->{DBObject}->Quote($_, 'Integer');
 $Exists = 1;
 }
 $SQLExt .= ')';