[Git][security-tracker-team/security-tracker][master] Replace NFUs for Odoo with now packaged odoo

Salvatore Bonaccorso carnil at debian.org
Sat Oct 31 15:23:25 GMT 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e3bfa28 by Salvatore Bonaccorso at 2020-10-31T16:22:27+01:00
Replace NFUs for Odoo with now packaged odoo

Probably all of those were fixed with the initial upload to Debian, but
should be double checked.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -91572,7 +91572,7 @@ CVE-2019-11782
 CVE-2019-11781
 	RESERVED
 CVE-2019-11780 (Improper access control in the computed fields system of the framework ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2019-11779 (In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT cli ...)
 	{DSA-4570-1 DLA-1972-1}
 	- mosquitto 1.6.6-1 (bug #940654)
@@ -135598,7 +135598,7 @@ CVE-2018-15642
 CVE-2018-15641
 	RESERVED
 CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise 10.0 th ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-15639
 	RESERVED
 CVE-2018-15638
@@ -135608,7 +135608,7 @@ CVE-2018-15637
 CVE-2018-15636
 	RESERVED
 CVE-2018-15635 (Cross-site scripting vulnerability in the Discuss App of Odoo Communit ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-15634
 	RESERVED
 CVE-2018-15633
@@ -135616,7 +135616,7 @@ CVE-2018-15633
 CVE-2018-15632
 	RESERVED
 CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community 12.0 and  ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-15630
 	RESERVED
 CVE-2018-15629
@@ -137352,11 +137352,11 @@ CVE-2018-14889 (CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 c
 CVE-2018-14888 (inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin be ...)
 	NOT-FOR-US: Eldenroot Thank You/Like plugin for MyBB
 CVE-2018-14887 (Improper Host header sanitization in the dbfilter routing component in ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14886 (The module-description renderer in Odoo Community 11.0 and earlier and ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14885 (Incorrect access control in the database manager component in Odoo Com ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14884 (An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.1 ...)
 	- php7.2 7.2.1-1
 	- php7.1 7.1.13-1
@@ -137427,25 +137427,25 @@ CVE-2018-14870
 CVE-2018-14869 (PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Add ...)
 	NOT-FOR-US: PHP Template Store Script
 CVE-2018-14868 (Incorrect access control in the Password Encryption module in Odoo Com ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14867 (Incorrect access control in the portal messaging system in Odoo Commun ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14866 (Incorrect access control in the TransientModel framework in Odoo Commu ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14865 (Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo  ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14864 (Incorrect access control in asset bundles in Odoo Community 9.0 throug ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14863 (Incorrect access control in the RPC framework in Odoo Community 8.0 th ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14862 (Incorrect access control in the mail templating system in Odoo Communi ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14861 (Improper data access control in Odoo Community 10.0 and 11.0 and Odoo  ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14860 (Improper sanitization of dynamic user expressions in Odoo Community 11 ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14859 (Incorrect access control in the password reset component in Odoo Commu ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14858 (An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 ...)
 	NOT-FOR-US: idreamsoft iCMS
 CVE-2018-14857 (Unrestricted file upload (with remote code execution) in require/mail/ ...)
@@ -137797,7 +137797,7 @@ CVE-2018-14736 (An issue was discovered in libpbc.a in cloudwu PBC through 2017-
 CVE-2018-14735 (An Information Exposure issue was discovered in Hitachi Command Suite  ...)
 	NOT-FOR-US: Hitachi
 CVE-2018-14733 (The Odoo Community Association (OCA) dbfilter_from_header module makes ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2018-14734 (drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 all ...)
 	{DSA-4308-1 DLA-1531-1 DLA-1529-1}
 	- linux 4.17.14-1
@@ -199129,11 +199129,11 @@ CVE-2017-10807 (JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authent
 	NOTE: Fixed by: https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16
 	NOTE: https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1
 CVE-2017-10805 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise  ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2017-10804 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise  ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2017-10803 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise  ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2017-10802
 	RESERVED
 CVE-2017-10801 (phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO  ...)
@@ -203050,7 +203050,7 @@ CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute ar
 	NOTE: https://www.blackhat.com/us-17/briefings/schedule/#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets-7603
 	NOTE: https://marc.info/?l=linux-wireless&m=150391055518346&w=2
 CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2017-9415 (Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allo ...)
 	NOT-FOR-US: Subsonic
 CVE-2017-9414 (Cross-site request forgery (CSRF) vulnerability in the Subscribe to Po ...)
@@ -214614,7 +214614,7 @@ CVE-2017-5873 (Unquoted Windows search path vulnerability in the guest service i
 CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with TCP- ...)
 	NOT-FOR-US: Unisys ClearPath
 CVE-2017-5871 (Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: ...)
-	NOT-FOR-US: Odoo
+	- odoo <undetermined>
 CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.1 ...)
 	NOT-FOR-US: ViMbAdmin
 CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e3bfa28e0ce20b8a745600d8da9508cc6886abc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e3bfa28e0ce20b8a745600d8da9508cc6886abc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201031/97441a60/attachment.html>

More information about the debian-security-tracker-commits mailing list