[Git][security-tracker-team/security-tracker][master] Add some new otrs2 issues
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 27 20:31:18 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bac9f6f9 by Salvatore Bonaccorso at 2020-03-27T21:30:55+01:00
Add some new otrs2 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22977,15 +22977,34 @@ CVE-2020-1775
CVE-2020-1774
RESERVED
CVE-2020-1773 (It's possible that an authenticated user guess other session IDs based ...)
- TODO: check
+ - otrs2 <unfixed>
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/
+ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
+ NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e
+ NOTE: OTRS5: https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77
CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...)
- TODO: check
+ - otrs2 <unfixed>
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/
+ NOTE: Fixed in 7.0.16, 6.0.25, 5.0.42
+ NOTE: OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b
+ NOTE: OTRS5: https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7
CVE-2020-1771 (Attacker is able craft an article with a link to the customer address ...)
- TODO: check
+ - otrs2 <unfixed>
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/
+ NOTE: Fixed in 7.0.16, 6.0.27
+ NOTE: https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2
CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...)
- TODO: check
+ - otrs2 <unfixed>
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/
+ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
+ NOTE: OTRS6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95
+ NOTE: OTRS5: https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d
CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...)
- TODO: check
+ - otrs2 <unfixed>
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/
+ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
+ NOTE: OTRS6: https://github.com/OTRS/otrs/commit/1b74e24582c946d02209acfc248d4ba451251f93
+ NOTE: OTRS5: https://github.com/OTRS/otrs/commit/7974ea582211c13730d223fc4dcdffa542af423f
CVE-2020-1768 (The external frontend system uses numerous background calls to the bac ...)
- otrs2 <not-affected> (Only affects 7.0.x series)
NOTE: https://community.otrs.com/security-advisory-2020-04/
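Review bot: In the CVE-2020-1772 entry the note reads `Fixed in 7.0.16, 6.0.25, 5.0.42`, while the four other entries added in this hunk give 6.0.27 for the 6.0.x series; please confirm 6.0.25 against security advisory 2020-09 and correct it if it is a typo. In the CVE-2020-1771 entry the commit URL has no `OTRS6:`/`OTRS5:` label and the fixed-version note lists no 5.0.x release. A short NOTE saying which branch that commit belongs to, and whether the 5.x series is unaffected, would make the entry unambiguous when triaging older otrs2 versions.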
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bac9f6f9e9244db19ee0b19c02510b4251ffbb46