[Git][security-tracker-team/security-tracker][master] Triage Odoo issues

Sebastien Delafond Mon, 28 Dec 2020 01:36:28 -0800


Sebastien Delafond pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7605e076 by Sébastien Delafond at 2020-12-28T10:34:45+01:00
Triage Odoo issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6658,9 +6658,8 @@ CVE-2020-29398
 CVE-2020-29397
        RESERVED
 CVE-2020-29396 (A sandboxing issue in Odoo Community 11.0 through 13.0 and 
Odoo Enterp ...)
-       - odoo <undetermined>
+       - odoo <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://github.com/odoo/odoo/issues/63712
-       TODO: check, unclear what upstream fix is
 CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows 
addons/?q= XSS v ...)
        NOT-FOR-US: EventON plugin for WordPress
 CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in 
dlt_common.c in d ...)
@@ -104898,29 +104897,23 @@ CVE-2019-11788
 CVE-2019-11787
        RESERVED
 CVE-2019-11786 (Improper access control in Odoo Community 13.0 and earlier and 
Odoo En ...)
-       - odoo <undetermined>
+       - odoo <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://github.com/odoo/odoo/issues/63711
-       TODO: check
 CVE-2019-11785 (Improper access control in mail module (followers) in Odoo 
Community 1 ...)
-       - odoo <undetermined>
+       - odoo <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://github.com/odoo/odoo/issues/63710
-       TODO: check
 CVE-2019-11784 (Improper access control in mail module (notifications) in Odoo 
Communi ...)
-       - odoo <undetermined>
+       - odoo 14.0.0+dfsg.2-1
        NOTE: https://github.com/odoo/odoo/issues/63709
-       TODO: check
 CVE-2019-11783 (Improper access control in mail module (channel partners) in 
Odoo Comm ...)
-       - odoo <undetermined>
+       - odoo 14.0.0+dfsg.2-1
        NOTE: https://github.com/odoo/odoo/issues/63708
-       TODO: check
 CVE-2019-11782 (Improper access control in Odoo Community 14.0 and earlier and 
Odoo En ...)
-       - odoo <undetermined>
+       - odoo 14.0.0+dfsg.2-1
        NOTE: https://github.com/odoo/odoo/issues/63707
-       TODO: check
 CVE-2019-11781 (Improper input validation in portal component in Odoo 
Community 12.0 a ...)
-       - odoo <undetermined>
+       - odoo <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://github.com/odoo/odoo/issues/63706
-       TODO: check
 CVE-2019-11780 (Improper access control in the computed fields system of the 
framework ...)
        - odoo <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://github.com/odoo/odoo/issues/42196
@@ -149015,9 +149008,8 @@ CVE-2018-15647
 CVE-2018-15646
        RESERVED
 CVE-2018-15645 (Improper access control in message routing in Odoo Community 
12.0 and  ...)
-       - odoo <undetermined>
+       - odoo <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://github.com/odoo/odoo/issues/63705
-       TODO: check
 CVE-2018-15644
        RESERVED
 CVE-2018-15643
@@ -149025,18 +149017,16 @@ CVE-2018-15643
 CVE-2018-15642
        RESERVED
 CVE-2018-15641 (Cross-site scripting (XSS) issue in web module in Odoo 
Community 11.0  ...)
-       - odoo <undetermined>
+       - odoo 14.0.0+dfsg.2-1
        NOTE: https://github.com/odoo/odoo/issues/63704
-       TODO: check
 CVE-2018-15640 (Improper access control in the Helpdesk App of Odoo Enterprise 
10.0 th ...)
        - odoo <not-affected> (Only in enterprise version)
        NOTE: https://github.com/odoo/odoo/issues/32514
 CVE-2018-15639
        RESERVED
 CVE-2018-15638 (Cross-site scripting (XSS) issue in mail module in Odoo 
Community 13.0 ...)
-       - odoo <undetermined>
+       - odoo <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://github.com/odoo/odoo/issues/63703
-       TODO: check
 CVE-2018-15637
        RESERVED
 CVE-2018-15636
@@ -149045,17 +149035,14 @@ CVE-2018-15635 (Cross-site scripting vulnerability 
in the Discuss App of Odoo Co
        - odoo <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://github.com/odoo/odoo/issues/32515
 CVE-2018-15634 (Cross-site scripting (XSS) issue in attachment management in 
Odoo Comm ...)
-       - odoo <undetermined>
+       - odoo 14.0.0+dfsg.2-1
        NOTE: https://github.com/odoo/odoo/issues/63702
-       TODO: check
 CVE-2018-15633 (Cross-site scripting (XSS) issue in "document" module in Odoo 
Communit ...)
-       - odoo <undetermined>
+       - odoo <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://github.com/odoo/odoo/issues/63701
-       TODO: check
 CVE-2018-15632 (Improper input validation in database creation logic in Odoo 
Community ...)
-       - odoo <undetermined>
+       - odoo <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://github.com/odoo/odoo/issues/63700
-       TODO: check
 CVE-2018-15631 (Improper access control in the Discuss App of Odoo Community 
12.0 and  ...)
        - odoo <not-affected> (Fixed before initial upload to Debian)
        NOTE: https://github.com/odoo/odoo/issues/32514



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7605e0764b76b6ba7bc780c1625f2893b92d8933

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7605e0764b76b6ba7bc780c1625f2893b92d8933
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Triage Odoo issues

Reply via email to