[Git][security-tracker-team/security-tracker][master] mark otrs2 unsupported. zziplib libphp-phpmailer postponed for stretch

Abhijith PA (@abhijith) abhijith at debian.org
Sat Jun 19 20:11:21 BST 2021 


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4758a9d by Abhijith PA at 2021-06-20T00:40:49+05:30
mark otrs2 unsupported. zziplib libphp-phpmailer postponed for stretch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -758,6 +758,7 @@ CVE-2021-3605 [Heap buffer overflow in the rleUncompress function]
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036
 CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can result in ...)
 	- libphp-phpmailer <unfixed>
+	[stretch] - libphp-phpmailer <postponed> (Minor issue, fix along with next DLA)
 	NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/
 	NOTE: https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 (v6.5.0)
 CVE-2021-3602
@@ -32686,6 +32687,7 @@ CVE-2021-21442
 CVE-2021-21441 (There is a XSS vulnerability in the ticket overview screens. It's poss ...)
 	- otrs2 6.0.32-5 (bug #989992)
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-11/
 	NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
 	NOTE: src:otrs2 is the znuny fork)
@@ -32694,6 +32696,7 @@ CVE-2021-21440
 CVE-2021-21439 (DoS attack can be performed when an email contains specially designed  ...)
 	- otrs2 6.0.32-5 (bug #989992)
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
+	[stretch] - otrs2 <no-dsa> (Non-free not supported)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-09/
 	NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
 	NOTE: src:otrs2 is the znuny fork)
@@ -68243,6 +68246,7 @@ CVE-2020-18443
 	RESERVED
 CVE-2020-18442 (Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a d ...)
 	- zziplib <unfixed>
+	[stretch] - zziplib <postponed> (Minor issue, fix along with next DLA)
 	NOTE: https://github.com/gdraheim/zziplib/issues/68
 CVE-2020-18441
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4758a9d3e56f0d7b610550e9d552ffefe93a3ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4758a9d3e56f0d7b610550e9d552ffefe93a3ad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210619/afebf2f2/attachment.htm>

More information about the debian-security-tracker-commits mailing list