[Git][security-tracker-team/security-tracker][master] OTRS n/a

Moritz Muehlenhoff jmm at debian.org
Mon Mar 1 13:17:32 GMT 2021 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4f2f279 by Moritz Muehlenhoff at 2021-03-01T14:16:35+01:00
OTRS n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14907,9 +14907,7 @@ CVE-2021-21437
 CVE-2021-21436 (Agents are able to see and link Config Items without permissions, whic ...)
 	NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
 CVE-2021-21435 (Article Bcc fields and agent personal information are shown when custo ...)
-	- otrs2 <unfixed> (bug #982586)
-	[buster] - otrs2 <ignored> (Non-free not supported)
-	[stretch] - otrs2 <ignored> (Non-free not supported)
+	- otrs2 <not-affected> (Doesn't affect OTRS as packaged in Debian, see bug #982586)
 	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-02/
 CVE-2021-21434 (Survey administrator can craft a survey in such way that malicious cod ...)
 	NOT-FOR-US: OTRS Survey addon
@@ -160478,13 +160476,11 @@ CVE-2018-17439 (An issue was discovered in the HDF HDF5 1.10.3 library. There is
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
 	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10589
 CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of H5Dselec ...)
-	- hdf5 <unfixed> (low)
-	[buster] - hdf5 <no-dsa> (Minor issue)
-	[stretch] - hdf5 <no-dsa> (Minor issue)
-	[jessie] - hdf5 <ignored> (Minor issue)
+	- hdf5 1.10.6+repack-1 (unimportant)
 	NOTE: https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
 	NOTE: https://jira.hdfgroup.org/browse/HDFFV-10587
 	NOTE: fix in develop branch: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7add52ff4f2443357648d53d52add274d1b18b5f
+	NOTE: Negligible security impact
 CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in ...)
 	- hdf5 1.10.6+repack-2 (low)
 	[buster] - hdf5 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4f2f27997735e0ce69c6986ae6cc2a382b65b2f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4f2f27997735e0ce69c6986ae6cc2a382b65b2f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210301/05e3d96c/attachment.htm>

More information about the debian-security-tracker-commits mailing list