Vulnerability Package: OTRS (the Open Ticket Request System) Vulnerabilities: Multiple SQL injection, cross-site scripting, and HTML rendering issues CVE IDs: CVE-2005-3893, CVE-2005-3894, CVE-2005-3895 BugTraq ID: 15537 Debian Bug ID: 340352 Affects: The stable distribution (sarge) and unstable distribution (sid) Not Affected: Old stable distribution (woody) as it does not contain OTRS packages Fixed Versions: - Sarge: 1.3.2p01-6 - Sid: 2.0.4p01-1 Upgrade Instructions: - Using and for manual updates. - Using to automate the update process. Source Archives and Architecture Independent Components: - Links provided for downloading OTRS package, diffs, and documentation. Next Stable Update: These files will likely be moved to the stable distribution during its next update. Contact Information and Further Resources: - Debian Security Advisory (DSA 973-1) number provided. - Instructions for obtaining package information and subscribing to the security mailing list.