[Secure-testing-commits] r46082 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Nov 9 11:34:41 UTC 2016
Author: carnil
Date: 2016-11-09 11:34:41 +0000 (Wed, 09 Nov 2016)
New Revision: 46082
Modified:
data/CVE/list
Log:
Add fixed version for CVE-2016-9139/otrs2 in unstable and mark as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-11-09 10:08:07 UTC (rev 46081)
+++ data/CVE/list 2016-11-09 11:34:41 UTC (rev 46082)
@@ -304,7 +304,8 @@
TODO: check
CVE-2016-9139 [An attacker could trick an authenticated agent or customer into opening a malicious attachment which could lead to the execution of JavaScript in OTRS context]
RESERVED
- - otrs2 <unfixed> (bug #843091)
+ - otrs2 5.0.14-1 (bug #843091)
+ [jessie] - otrs2 <no-dsa> (Minor issue)
NOTE: https://www.otrs.com/security-advisory-2016-02-security-update-otrs/
NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/5
NOTE: upstream fix likely https://github.com/OTRS/otrs/commit/6578a8bcf82529461302291ab3fcb500363b005a
More information about the Secure-testing-commits
mailing list