Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a8b70759 by Moritz Muehlenhoff at 2020-03-31T11:56:23+02:00
otrs2 fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -23281,7 +23281,7 @@ CVE-2020-1775
CVE-2020-1774
RESERVED
CVE-2020-1773 (It's possible that an authenticated user guess other session
IDs based ...)
- - otrs2 <unfixed>
+ - otrs2 6.0.27-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/
@@ -23289,22 +23289,22 @@ CVE-2020-1773 (It's possible that an authenticated
user guess other session IDs
NOTE: OTRS6:
https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e
NOTE: OTRS5:
https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77
CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in
the To ...)
- - otrs2 <unfixed>
+ - otrs2 6.0.27-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/
- NOTE: Fixed in 7.0.16, 6.0.25, 5.0.42
+ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
NOTE: OTRS6:
https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b
NOTE: OTRS5:
https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7
CVE-2020-1771 (Attacker is able craft an article with a link to the customer
address ...)
- - otrs2 <unfixed>
+ - otrs2 6.0.27-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/
NOTE: Fixed in 7.0.16, 6.0.27
NOTE:
https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2
CVE-2020-1770 (Support bundle generated files could contain sensitive
information tha ...)
- - otrs2 <unfixed>
+ - otrs2 6.0.27-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/
@@ -23312,7 +23312,7 @@ CVE-2020-1770 (Support bundle generated files could
contain sensitive informatio
NOTE: OTRS6:
https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95
NOTE: OTRS5:
https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d
CVE-2020-1769 (In the login screens (in agent and customer interface),
Username and P ...)
- - otrs2 <unfixed>
+ - otrs2 6.0.27-1
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8b70759b6d4e998795557c5f62775ea012a0012
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a8b70759b6d4e998795557c5f62775ea012a0012
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
