Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
57a146ca by Salvatore Bonaccorso at 2021-08-05T20:09:02+02:00
Add znuny commit for CVE-2021-36091
- - - - -
115d4cef by Salvatore Bonaccorso at 2021-08-05T20:09:40+02:00
Add snuny commit for CVE-2021-21443
- - - - -
d74a1f60 by Salvatore Bonaccorso at 2021-08-05T20:09:54+02:00
Add snuny commit for CVE-2021-21440
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4461,6 +4461,7 @@ CVE-2021-36091 (Agents are able to list appointments in
the calendars without re
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/
+ NOTE:
https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632
NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
src:otrs2 is the znuny fork)
CVE-2021-3632
RESERVED
@@ -40262,6 +40263,7 @@ CVE-2021-21443 (Agents are able to list customer user
emails without required pe
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-13/
+ NOTE:
https://github.com/znuny/Znuny/commit/48ee5532911be5453cc8bed1e437a64c21bcc072
NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
src:otrs2 is the znuny fork)
CVE-2021-21442 (In the project create screen it's possible to inject malicious
JS code ...)
NOT-FOR-US: OTRS TimeAccounting module
@@ -40278,6 +40280,7 @@ CVE-2021-21440 (Generated Support Bundles contains
private S/MIME and PGP keys i
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/
+ NOTE:
https://github.com/znuny/Znuny/commit/c5c90087d4187da5c456a80289fa088a19511934
NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
src:otrs2 is the znuny fork)
CVE-2021-21439 (DoS attack can be performed when an email contains specially
designed ...)
- otrs2 6.0.32-5 (bug #989992)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6761335f87dc0151fdc823e08ce753ba8b53d856...d74a1f60eb5d566ac287f20a3dc0db6f16c4369a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6761335f87dc0151fdc823e08ce753ba8b53d856...d74a1f60eb5d566ac287f20a3dc0db6f16c4369a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
