CVE-2010-4764

Name	CVE-2010-4764
Description	Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
otrs2 (PTS)	buster/non-free	6.0.16-2	fixed
	buster/non-free (security)	6.0.16-2+deb10u1	fixed
	bullseye/non-free	6.0.32-6	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
otrs2	source	(unstable)	2.4.10+dfsg1-1	unimportant

Marginal security impact, standard bug