[Git][security-tracker-team/security-tracker][master] 3 commits: Add znuny commit for CVE-2021-36091

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Aug 5 19:15:56 BST 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
57a146ca by Salvatore Bonaccorso at 2021-08-05T20:09:02+02:00
Add znuny commit for CVE-2021-36091

- - - - -
115d4cef by Salvatore Bonaccorso at 2021-08-05T20:09:40+02:00
Add snuny commit for CVE-2021-21443

- - - - -
d74a1f60 by Salvatore Bonaccorso at 2021-08-05T20:09:54+02:00
Add snuny commit for CVE-2021-21440

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4461,6 +4461,7 @@ CVE-2021-36091 (Agents are able to list appointments in the calendars without re
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/
+	NOTE: https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632
 	NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
 CVE-2021-3632
 	RESERVED
@@ -40262,6 +40263,7 @@ CVE-2021-21443 (Agents are able to list customer user emails without required pe
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-13/
+	NOTE: https://github.com/znuny/Znuny/commit/48ee5532911be5453cc8bed1e437a64c21bcc072
 	NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
 CVE-2021-21442 (In the project create screen it's possible to inject malicious JS code ...)
 	NOT-FOR-US: OTRS TimeAccounting module
@@ -40278,6 +40280,7 @@ CVE-2021-21440 (Generated Support Bundles contains private S/MIME and PGP keys i
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/
+	NOTE: https://github.com/znuny/Znuny/commit/c5c90087d4187da5c456a80289fa088a19511934
 	NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
 CVE-2021-21439 (DoS attack can be performed when an email contains specially designed  ...)
 	- otrs2 6.0.32-5 (bug #989992)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6761335f87dc0151fdc823e08ce753ba8b53d856...d74a1f60eb5d566ac287f20a3dc0db6f16c4369a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6761335f87dc0151fdc823e08ce753ba8b53d856...d74a1f60eb5d566ac287f20a3dc0db6f16c4369a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210805/7713f47f/attachment.htm>


More information about the debian-security-tracker-commits mailing list