[Git][security-tracker-team/security-tracker][master] Mark new otrs2 issues as no-dsa for buster and stretch

Salvatore Bonaccorso carnil at debian.org
Fri Mar 27 20:33:00 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e2b2bd6b by Salvatore Bonaccorso at 2020-03-27T21:32:26+01:00
Mark new otrs2 issues as no-dsa for buster and stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22978,29 +22978,39 @@ CVE-2020-1774
 	RESERVED
 CVE-2020-1773 (It's possible that an authenticated user guess other session IDs based ...)
 	- otrs2 <unfixed>
+	[buster] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/
 	NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
 	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e
 	NOTE: OTRS5: https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77
 CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...)
 	- otrs2 <unfixed>
+	[buster] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/
 	NOTE: Fixed in 7.0.16, 6.0.25, 5.0.42
 	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b
 	NOTE: OTRS5: https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7
 CVE-2020-1771 (Attacker is able craft an article with a link to the customer address  ...)
 	- otrs2 <unfixed>
+	[buster] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/
 	NOTE: Fixed in 7.0.16, 6.0.27
 	NOTE: https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2
 CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...)
 	- otrs2 <unfixed>
+	[buster] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/
 	NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
 	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95
 	NOTE: OTRS5: https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d
 CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...)
 	- otrs2 <unfixed>
+	[buster] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/
 	NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
 	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/1b74e24582c946d02209acfc248d4ba451251f93



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2b2bd6bdafac40aea042321edbbb98003fd1e87

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e2b2bd6bdafac40aea042321edbbb98003fd1e87
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200327/8edfb435/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list