[Git][security-tracker-team/security-tracker][master] Triage odoo issues
Sebastien Delafond
seb at debian.org
Mon Nov 2 11:50:09 GMT 2020
Sebastien Delafond pushed to branch master at Debian Security Tracker / security-tracker
Commits:
50cfc390 by Sébastien Delafond at 2020-11-02T12:48:45+01:00
Triage odoo issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -91578,7 +91578,8 @@ CVE-2019-11782
CVE-2019-11781
RESERVED
CVE-2019-11780 (Improper access control in the computed fields system of the framework ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/42196
CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT cli ...)
{DSA-4570-1 DLA-1972-1}
- mosquitto 1.6.6-1 (bug #940654)
@@ -135600,7 +135601,8 @@ CVE-2018-15642
CVE-2018-15641
RESERVED
CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise 10.0 th ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Only in enterprise version)
+ NOTE: https://github.com/odoo/odoo/issues/32514
CVE-2018-15639
RESERVED
CVE-2018-15638
@@ -135610,7 +135612,8 @@ CVE-2018-15637
CVE-2018-15636
RESERVED
CVE-2018-15635 (Cross-site scripting vulnerability in the Discuss App of Odoo Communit ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32515
CVE-2018-15634
RESERVED
CVE-2018-15633
@@ -135618,7 +135621,8 @@ CVE-2018-15633
CVE-2018-15632
RESERVED
CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community 12.0 and ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32514
CVE-2018-15630
RESERVED
CVE-2018-15629
@@ -137354,11 +137358,14 @@ CVE-2018-14889 (CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 c
CVE-2018-14888 (inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin be ...)
NOT-FOR-US: Eldenroot Thank You/Like plugin for MyBB
CVE-2018-14887 (Improper Host header sanitization in the dbfilter routing component in ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32511
CVE-2018-14886 (The module-description renderer in Odoo Community 11.0 and earlier and ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32513
CVE-2018-14885 (Incorrect access control in the database manager component in Odoo Com ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32512
CVE-2018-14884 (An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.1 ...)
- php7.2 7.2.1-1
- php7.1 7.1.13-1
@@ -137429,25 +137436,35 @@ CVE-2018-14870
CVE-2018-14869 (PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Add ...)
NOT-FOR-US: PHP Template Store Script
CVE-2018-14868 (Incorrect access control in the Password Encryption module in Odoo Com ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32507
CVE-2018-14867 (Incorrect access control in the portal messaging system in Odoo Commun ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32503
CVE-2018-14866 (Incorrect access control in the TransientModel framework in Odoo Commu ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32509
CVE-2018-14865 (Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32501
CVE-2018-14864 (Incorrect access control in asset bundles in Odoo Community 9.0 throug ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32502
CVE-2018-14863 (Incorrect access control in the RPC framework in Odoo Community 8.0 th ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32508
CVE-2018-14862 (Incorrect access control in the mail templating system in Odoo Communi ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32504
CVE-2018-14861 (Improper data access control in Odoo Community 10.0 and 11.0 and Odoo ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32506
CVE-2018-14860 (Improper sanitization of dynamic user expressions in Odoo Community 11 ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32505
CVE-2018-14859 (Incorrect access control in the password reset component in Odoo Commu ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/32510
CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...)
NOT-FOR-US: idreamsoft iCMS
CVE-2018-14857 (Unrestricted file upload (with remote code execution) in require/mail/ ...)
@@ -137799,7 +137816,8 @@ CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-
CVE-2018-14735 (An Information Exposure issue was discovered in Hitachi Command Suite ...)
NOT-FOR-US: Hitachi
CVE-2018-14733 (The Odoo Community Association (OCA) dbfilter_from_header module makes ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/OCA/server-tools/issues/1335
CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 all ...)
{DSA-4308-1 DLA-1531-1 DLA-1529-1}
- linux 4.17.14-1
@@ -199130,11 +199148,14 @@ CVE-2017-10807 (JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authent
NOTE: Fixed by: https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16
NOTE: https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1
CVE-2017-10805 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/17921
CVE-2017-10804 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/17914
CVE-2017-10803 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/17898
CVE-2017-10802
RESERVED
CVE-2017-10801 (phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO ...)
@@ -203051,7 +203072,8 @@ CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute ar
NOTE: https://www.blackhat.com/us-17/briefings/schedule/#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets-7603
NOTE: https://marc.info/?l=linux-wireless&m=150391055518346&w=2
CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/17394
CVE-2017-9415 (Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allo ...)
NOT-FOR-US: Subsonic
CVE-2017-9414 (Cross-site request forgery (CSRF) vulnerability in the Subscribe to Po ...)
@@ -214615,7 +214637,7 @@ CVE-2017-5873 (Unquoted Windows search path vulnerability in the guest service i
CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with TCP- ...)
NOT-FOR-US: Unisys ClearPath
CVE-2017-5871 (Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: ...)
- - odoo <undetermined>
+ - odoo <not-affected> (Fixed before initial upload to Debian)
CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.1 ...)
NOT-FOR-US: ViMbAdmin
CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50cfc390bd59e239f9d10b05f3ac187eee9d0a70
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/50cfc390bd59e239f9d10b05f3ac187eee9d0a70
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201102/65475e82/attachment.html>
More information about the debian-security-tracker-commits
mailing list