[Git][security-tracker-team/security-tracker][master] 4 commits: remark CVE-2020-11023 from no-dsa to ignored as non-free is not supported

Thorsten Alteholz alteholz at debian.org
Fri Feb 12 22:00:27 GMT 2021



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f391dd4 by Thorsten Alteholz at 2021-02-12T22:46:55+01:00
remark CVE-2020-11023 from no-dsa to ignored as non-free is not supported

- - - - -
65b8e35c by Thorsten Alteholz at 2021-02-12T22:48:35+01:00
mark CVE-2021-21252 as ignored for Buster and Stretch as non-free is not supported

- - - - -
59113cd7 by Thorsten Alteholz at 2021-02-12T22:49:51+01:00
mark CVE-2020-11022 as ignored for Stretch as non-free is not supported

- - - - -
dc64a845 by Thorsten Alteholz at 2021-02-12T22:55:51+01:00
mark all other otrs2 CVEs as ignored for Stretch as non-free is not supported

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14395,6 +14395,8 @@ CVE-2021-21253 (OnlineVotingSystem is an open source project hosted on GitHub. O
 CVE-2021-21252 (The jQuery Validation Plugin provides drop-in validation for your exis ...)
 	- civicrm <unfixed> (bug #980892)
 	- otrs2 <unfixed> (bug #980891)
+	[buster] - otrs2 <ignored> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	- phpmyadmin 4:5.0.4+dfsg2-2
 	[stretch] - phpmyadmin <no-dsa> (Minor issue; barely an issue in the phpmyadmin package)
 	NOTE: https://github.com/jquery-validation/jquery-validation/security/advisories/GHSA-jxwx-85vp-gvwm
@@ -67745,7 +67747,7 @@ CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5
 	[buster] - node-jquery <no-dsa> (Minor issue)
 	- otrs2 6.0.30-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
 	NOTE: https://www.drupal.org/sa-core-2020-002
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/
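Review bot: the `[stretch] - otrs2` line here moves from `<no-dsa>` to `<ignored>` but keeps the identical reason text, so the data alone does not show why the state changed, and the commit subject only repeats the reason that was already recorded ("non-free is not supported"). A one-line commit body saying what `<ignored>` is meant to convey for this package that `<no-dsa>` did not would make the history self-explanatory. The result is consistent with the `[buster] - otrs2 <ignored>` line directly above it.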
@@ -67761,7 +67763,7 @@ CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0
 	[jessie] - drupal7 <not-affected> (Vulnerable code not embedded)
 	- otrs2 6.0.30-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
 	NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
 	NOTE: https://www.drupal.org/sa-core-2020-002
@@ -92663,7 +92665,7 @@ CVE-2020-1777 (Agent names that participates in a chat conversation are revealed
 CVE-2020-1776 (When an agent user is renamed or set to invalid the session belonging  ...)
 	- otrs2 6.0.29-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-13/
 CVE-2020-1775 (BCC recipients in mails sent from OTRS are visible in article detail o ...)
 	- otrs2 <not-affected> (ONly affects 7.x and 8.x series)
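Review bot: unrelated to the state change, the context line under CVE-2020-1775 at the end of this hunk reads `(ONly affects 7.x and 8.x series)`. Since the neighbouring entry is being touched anyway, the capitalisation typo could be corrected to `Only affects` in a follow-up commit.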
@@ -92672,14 +92674,14 @@ CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported fil
 	{DLA-2198-1}
 	- otrs2 6.0.28-1 (bug #959448)
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/
 	NOTE: Fixed in 7.0.17, 6.0.28
 	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ff725cbea77f03fa296bb13f93f5b07086920342
 CVE-2020-1773 (An attacker with the ability to generate session IDs or password reset ...)
 	- otrs2 6.0.27-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	[jessie] - otrs2 <no-dsa> (Too intrusive to backport)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/
 	NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
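Review bot: the CVE-2020-1774 entry in this hunk carries `{DLA-2198-1}` while its `[stretch]` line now states the package is ignored because non-free is not supported. The visible lines do not say which release that DLA covered, so the two can read as contradictory; a short NOTE naming the release the advisory applied to would remove the ambiguity. The same applies to the other entries in this diff that pair a `{DLA-...}` tag with the new `[stretch] - otrs2 <ignored>` line.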
@@ -92689,7 +92691,7 @@ CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in t
 	{DLA-2198-1}
 	- otrs2 6.0.27-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/
 	NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
 	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b
@@ -92697,7 +92699,7 @@ CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in t
 CVE-2020-1771 (Attacker is able craft an article with a link to the customer address  ...)
 	- otrs2 6.0.27-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	[jessie] - otrs2 <not-affected> (Vulnerable code introduced in later version)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/
 	NOTE: Fixed in 7.0.16, 6.0.27
@@ -92706,7 +92708,7 @@ CVE-2020-1770 (Support bundle generated files could contain sensitive informatio
 	{DLA-2198-1}
 	- otrs2 6.0.27-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/
 	NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
 	NOTE: OTRS6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95
@@ -92714,7 +92716,7 @@ CVE-2020-1770 (Support bundle generated files could contain sensitive informatio
 CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...)
 	- otrs2 6.0.27-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	[jessie] - otrs2 <no-dsa> (https://lists.debian.org/debian-lts/2020/04/msg00040.html)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/
 	NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
@@ -92727,14 +92729,14 @@ CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then A
 	{DLA-2079-1}
 	- otrs2 6.0.25-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/
 	NOTE: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570
 CVE-2020-1766 (Due to improper handling of uploaded images it is possible in very unl ...)
 	{DLA-2079-1}
 	- otrs2 6.0.25-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-02/
 	NOTE: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 (OTRS6)
 	NOTE: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a (OTRS5)
@@ -92742,7 +92744,7 @@ CVE-2020-1765 (An improper control of parameters allows the spoofing of the from
 	{DLA-2079-1}
 	- otrs2 6.0.25-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/
 	NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6)
 	NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5)
@@ -99788,14 +99790,14 @@ CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code
 CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...)
 	- otrs2 6.0.24-1 (bug #945251)
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	[jessie] - otrs2 <not-affected> (vulnerable code not present)
 	NOTE: https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
 CVE-2019-18179 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
 	{DLA-2053-1}
 	- otrs2 6.0.24-1 (bug #945251)
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
 CVE-2019-18178 (Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The fun ...)
 	NOT-FOR-US: FreeRTOS+FAT
@@ -104507,7 +104509,7 @@ CVE-2019-16376
 CVE-2019-16375 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
 	- otrs2 6.0.23-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	[jessie] - otrs2 <no-dsa> (Minor issue)
 	NOTE: https://community.otrs.com/security-advisory-2019-13-security-update-for-otrs-framework/
 	NOTE: https://github.com/OTRS/otrs/commit/aeb33d800716e2a6653597aa86314c4cbdadb678 (6.x)
@@ -115051,7 +115053,7 @@ CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
 	{DLA-1877-1}
 	- otrs2 6.0.20-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/
 	NOTE: OTRS 6.0: https://github.com/OTRS/otrs/commit/69430f260d52e5a7afc185048da0cfc2eef2659a
 	NOTE: OTRS 5.0: https://github.com/OTRS/otrs/commit/0e26066dfff8efff0039da13e29609ca7f00d9a2
@@ -117108,7 +117110,7 @@ CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) Com
 	{DLA-1877-1}
 	- otrs2 6.0.20-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/
 	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/fab16a8e54aaf033f460e5f98c673248f29ea49c
 	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/cc08cb7df9f6dde05de2f8c6cbd59cd5d0952627
@@ -117687,7 +117689,7 @@ CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
 	{DLA-1816-1}
 	- otrs2 6.0.19-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/
 	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/f8bcf08dfc5f06915c1352c07e5f626f9b5ecfc2
 	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4cc3f0e24937fa53870132003aec6af460b9b57
@@ -118421,7 +118423,7 @@ CVE-2019-12248 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
 	{DLA-1816-1}
 	- otrs2 6.0.19-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/
 	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/4e06ef439c33e7d90af16451719415c780e0c29c
 	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/0713999042e3ce7fa60067d3cd165206899224bf
@@ -121280,7 +121282,7 @@ CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other
 	- mediawiki 1:1.31.2-1
 	- otrs2 6.0.26-1
 	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://www.drupal.org/sa-core-2019-006
 	NOTE: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
 	NOTE: https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
@@ -124667,7 +124669,7 @@ CVE-2019-10068 (An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x
 CVE-2019-10067 (An issue was discovered in Open Ticket Request System (OTRS) 7.x throu ...)
 	- otrs2 6.0.18-1
 	[buster] - otrs2 6.0.16-2
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	[jessie] - otrs2 <not-affected> (vulnerable code is not present)
 	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8a489236336ddc82e745c27abb32dfa1ceefb0f4
 	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/67158d8b08309859572c795982ecc7c52484ab0e
@@ -125183,7 +125185,7 @@ CVE-2019-9892 (An issue was discovered in Open Ticket Request System (OTRS) 5.x
 	{DLA-1774-1}
 	- otrs2 6.0.18-1
 	[buster] - otrs2 6.0.16-2
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/3617488c6c28e06203e4127c7b031140f775a685
 	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/c3b9342a85c6f2c9382e074ad9cc440ce80a6f34
 	NOTE: https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/
@@ -126511,20 +126513,20 @@ CVE-2019-9753 (An issue was discovered in Open Ticket Request System (OTRS) 7.x
 CVE-2019-9752 (An issue was discovered in Open Ticket Request System (OTRS) 5.x befor ...)
 	{DLA-1721-1}
 	- otrs2 6.0.16-1
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework/
 	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/341c4096222819a108feb02256aba878943bf810
 	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4e3dfbaa054762b29df54705aa412685dd37e15
 CVE-2019-9751 (An issue was discovered in Open Ticket Request System (OTRS) 6.x befor ...)
 	- otrs2 6.0.17-1
 	[buster] - otrs2 6.0.16-2
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	[jessie] - otrs2 <not-affected> (Vulnerable code not present)
 	NOTE: https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework
 	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/1afb2b995e59551b927c2105e234e8b87efcc37a
 CVE-2018-20800 (An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 an ...)
 	- otrs2 6.0.14-1
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	[jessie] - otrs2 <not-affected> (Vulnerable code not present)
 	NOTE: https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework/
 	NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8d17d58029efbb0bba25c4208e09e2d320eeb0c3
@@ -154464,7 +154466,7 @@ CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in Eth
 CVE-2018-19141 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before ...)
 	{DLA-1592-1}
 	- otrs2 6.0.1-1
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/
 	NOTE: Only the 4.x and 5.x series are affected (and possibly earlier versions).
 	NOTE: Add workaround and mark first 6.x version as fixing version
@@ -154476,7 +154478,7 @@ CVE-2018-19142 (Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an
 CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5. ...)
 	{DLA-1592-1}
 	- otrs2 6.0.13-1
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
 CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows  ...)
 	- kio-extras 4:18.08.3-1 (bug #913595)
@@ -174603,7 +174605,7 @@ CVE-2018-11564 (Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user
 CVE-2018-11563 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ...)
 	{DLA-1877-1}
 	- otrs2 6.0.8-1
-	[stretch] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <ignored> (Non-free not supported)
 	NOTE: https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/
 	NOTE: https://github.com/OTRS/otrs/commit/50861a2a1183a07daf99cc2e71395e79f022338f
 CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in app/View/El ...)
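Review bot: for a bulk edit described as "mark all other otrs2 CVEs as ignored for Stretch", the diff can only show the lines that were rewritten, not any that were missed. It is worth confirming that a search of data/CVE/list for `[stretch] - otrs2 <no-dsa>` now returns nothing. On the positive side, every `-` line in these hunks carried the reason `(Non-free not supported)`, so no entry with a different rationale appears to have been swept up, and the `[jessie]` lines with their own reasons are left untouched.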



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c7d4a55505d63e232458cdacfbe9390bca5090c0...dc64a845753acf62114dda9f7780e3f0108a2093


More information about the debian-security-tracker-commits mailing list