[Git][security-tracker-team/security-tracker][master] 2 commits: Add two new otrs2 issues

Thu Jun 6 10:26:25 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d308bc98 by Salvatore Bonaccorso at 2019-06-06T09:23:10Z
Add two new otrs2 issues

- - - - -
97169d94 by Salvatore Bonaccorso at 2019-06-06T09:25:11Z
Mark stretch as no-dsa for otrs2 (non-free not supported)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -502,8 +502,13 @@ CVE-2019-12500 (The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing
 	NOT-FOR-US: Xiaomi M365 scooter
 CVE-2019-12498
 	RESERVED
-CVE-2019-12497
+CVE-2019-12497 [OSA-2019-09]
 	RESERVED
+	- otrs2 6.0.19-1
+	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	NOTE: https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/
+	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/f8bcf08dfc5f06915c1352c07e5f626f9b5ecfc2
+	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4cc3f0e24937fa53870132003aec6af460b9b57
 CVE-2019-12496 (An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt  ...)
 	NOT-FOR-US: Hybrid Group Gobot
 CVE-2019-12495 (An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. ...)
@@ -1123,8 +1128,15 @@ CVE-2019-12250 (IdentityServer IdentityServer4 through 2.4 has stored XSS via th
 	NOT-FOR-US: IdentityServer
 CVE-2019-12249
 	RESERVED
-CVE-2019-12248
+CVE-2019-12248 [OSA-2019-08]
 	RESERVED
+	- otrs2 6.0.19-1
+	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	NOTE: https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/
+	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/4e06ef439c33e7d90af16451719415c780e0c29c
+	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/0713999042e3ce7fa60067d3cd165206899224bf
+	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/edbc7371a52fc5d0032e934d2456b5f39da317f1
+	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/2d85ce89515db8e94b36ea8ba97f21e27aa66efd
 CVE-2019-12247 (** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qga/comm ...)
 	- qemu <unfixed> (unimportant; bug #929365)
 	- qemu-kvm <removed> (unimportant)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4cd3254b8e6b8d4f710a8a9912b80bcf4fd86739...97169d941518ae4e3093047b573775e8270929c4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/4cd3254b8e6b8d4f710a8a9912b80bcf4fd86739...97169d941518ae4e3093047b573775e8270929c4
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190606/0c900a1b/attachment.html>
