[Git][security-tracker-team/security-tracker][master] Triage Odoo issues

Sebastien Delafond seb at debian.org
Mon Dec 28 09:36:20 GMT 2020 


Sebastien Delafond pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7605e076 by Sébastien Delafond at 2020-12-28T10:34:45+01:00
Triage Odoo issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6658,9 +6658,8 @@ CVE-2020-29398
 CVE-2020-29397
 	RESERVED
 CVE-2020-29396 (A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterp ...)
-	- odoo <undetermined>
+	- odoo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/odoo/odoo/issues/63712
-	TODO: check, unclear what upstream fix is
 CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS v ...)
 	NOT-FOR-US: EventON plugin for WordPress
 CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in dlt_common.c in d ...)
@@ -104898,29 +104897,23 @@ CVE-2019-11788
 CVE-2019-11787
 	RESERVED
 CVE-2019-11786 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
-	- odoo <undetermined>
+	- odoo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/odoo/odoo/issues/63711
-	TODO: check
 CVE-2019-11785 (Improper access control in mail module (followers) in Odoo Community 1 ...)
-	- odoo <undetermined>
+	- odoo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/odoo/odoo/issues/63710
-	TODO: check
 CVE-2019-11784 (Improper access control in mail module (notifications) in Odoo Communi ...)
-	- odoo <undetermined>
+	- odoo 14.0.0+dfsg.2-1
 	NOTE: https://github.com/odoo/odoo/issues/63709
-	TODO: check
 CVE-2019-11783 (Improper access control in mail module (channel partners) in Odoo Comm ...)
-	- odoo <undetermined>
+	- odoo 14.0.0+dfsg.2-1
 	NOTE: https://github.com/odoo/odoo/issues/63708
-	TODO: check
 CVE-2019-11782 (Improper access control in Odoo Community 14.0 and earlier and Odoo En ...)
-	- odoo <undetermined>
+	- odoo 14.0.0+dfsg.2-1
 	NOTE: https://github.com/odoo/odoo/issues/63707
-	TODO: check
 CVE-2019-11781 (Improper input validation in portal component in Odoo Community 12.0 a ...)
-	- odoo <undetermined>
+	- odoo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/odoo/odoo/issues/63706
-	TODO: check
 CVE-2019-11780 (Improper access control in the computed fields system of the framework ...)
 	- odoo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/odoo/odoo/issues/42196
@@ -149015,9 +149008,8 @@ CVE-2018-15647
 CVE-2018-15646
 	RESERVED
 CVE-2018-15645 (Improper access control in message routing in Odoo Community 12.0 and  ...)
-	- odoo <undetermined>
+	- odoo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/odoo/odoo/issues/63705
-	TODO: check
 CVE-2018-15644
 	RESERVED
 CVE-2018-15643
@@ -149025,18 +149017,16 @@ CVE-2018-15643
 CVE-2018-15642
 	RESERVED
 CVE-2018-15641 (Cross-site scripting (XSS) issue in web module in Odoo Community 11.0  ...)
-	- odoo <undetermined>
+	- odoo 14.0.0+dfsg.2-1
 	NOTE: https://github.com/odoo/odoo/issues/63704
-	TODO: check
 CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise 10.0 th ...)
 	- odoo <not-affected> (Only in enterprise version)
 	NOTE: https://github.com/odoo/odoo/issues/32514
 CVE-2018-15639
 	RESERVED
 CVE-2018-15638 (Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 ...)
-	- odoo <undetermined>
+	- odoo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/odoo/odoo/issues/63703
-	TODO: check
 CVE-2018-15637
 	RESERVED
 CVE-2018-15636
@@ -149045,17 +149035,14 @@ CVE-2018-15635 (Cross-site scripting vulnerability in the Discuss App of Odoo Co
 	- odoo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/odoo/odoo/issues/32515
 CVE-2018-15634 (Cross-site scripting (XSS) issue in attachment management in Odoo Comm ...)
-	- odoo <undetermined>
+	- odoo 14.0.0+dfsg.2-1
 	NOTE: https://github.com/odoo/odoo/issues/63702
-	TODO: check
 CVE-2018-15633 (Cross-site scripting (XSS) issue in "document" module in Odoo Communit ...)
-	- odoo <undetermined>
+	- odoo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/odoo/odoo/issues/63701
-	TODO: check
 CVE-2018-15632 (Improper input validation in database creation logic in Odoo Community ...)
-	- odoo <undetermined>
+	- odoo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/odoo/odoo/issues/63700
-	TODO: check
 CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community 12.0 and  ...)
 	- odoo <not-affected> (Fixed before initial upload to Debian)
 	NOTE: https://github.com/odoo/odoo/issues/32514



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7605e0764b76b6ba7bc780c1625f2893b92d8933

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7605e0764b76b6ba7bc780c1625f2893b92d8933
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201228/ab6458e9/attachment.html>

More information about the debian-security-tracker-commits mailing list