[Git][security-tracker-team/security-tracker][master] 3 commits: Add znuny commit for CVE-2021-36091
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Aug 5 19:15:56 BST 2021
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
57a146ca by Salvatore Bonaccorso at 2021-08-05T20:09:02+02:00
Add znuny commit for CVE-2021-36091
- - - - -
115d4cef by Salvatore Bonaccorso at 2021-08-05T20:09:40+02:00
Add snuny commit for CVE-2021-21443
- - - - -
d74a1f60 by Salvatore Bonaccorso at 2021-08-05T20:09:54+02:00
Add snuny commit for CVE-2021-21440
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4461,6 +4461,7 @@ CVE-2021-36091 (Agents are able to list appointments in the calendars without re
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/
+ NOTE: https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632
NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
CVE-2021-3632
RESERVED
@@ -40262,6 +40263,7 @@ CVE-2021-21443 (Agents are able to list customer user emails without required pe
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-13/
+ NOTE: https://github.com/znuny/Znuny/commit/48ee5532911be5453cc8bed1e437a64c21bcc072
NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
CVE-2021-21442 (In the project create screen it's possible to inject malicious JS code ...)
NOT-FOR-US: OTRS TimeAccounting module
@@ -40278,6 +40280,7 @@ CVE-2021-21440 (Generated Support Bundles contains private S/MIME and PGP keys i
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/
+ NOTE: https://github.com/znuny/Znuny/commit/c5c90087d4187da5c456a80289fa088a19511934
NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
CVE-2021-21439 (DoS attack can be performed when an email contains specially designed ...)
- otrs2 6.0.32-5 (bug #989992)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6761335f87dc0151fdc823e08ce753ba8b53d856...d74a1f60eb5d566ac287f20a3dc0db6f16c4369a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6761335f87dc0151fdc823e08ce753ba8b53d856...d74a1f60eb5d566ac287f20a3dc0db6f16c4369a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210805/7713f47f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list