[Git][security-tracker-team/security-tracker][master] Vulnerable code added in a later version. Jessie version has different

[Abhijith PA]

Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e968b45 by Abhijith PA at 2019-12-21T14:55:05Z
Vulnerable code added in a later version. Jessie version has different
method for chopping file names. Only three or four character is allowed
as extention in jessie's otrs.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12152,6 +12152,7 @@ CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code
 	NOT-FOR-US: CloudVision Portal
 CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...)
 	- otrs2 <unfixed> (bug #945251)
+	[jessie] - otrs2 <not-affected> (vulnerable code not present)
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e968b4569b50764b6b43472d4b7e8ce04f4c031

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/7e968b4569b50764b6b43472d4b7e8ce04f4c031
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191221/cf9d73ee/attachment.html>