Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6fe5fda9 by Salvatore Bonaccorso at 2023-08-17T20:14:35+02:00
Add upstream tag references to several znuny commits
- - - - -
95609623 by Salvatore Bonaccorso at 2023-08-17T20:14:59+02:00
Update status for CVE-2021-21443 and CVE-2021-21440
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3280,7 +3280,7 @@ CVE-2023-38060 (Improper Input Validation vulnerability
in the ContentType param
[bookworm] - znuny <no-dsa> (Minor issue)
- otrs2 <removed>
[bullseye] - otrs2 <no-dsa> (Minor issue)
- NOTE:
https://github.com/znuny/Znuny/commit/355800e68c1560c1d098ec0953ee9940d2d1f836
+ NOTE:
https://github.com/znuny/Znuny/commit/355800e68c1560c1d098ec0953ee9940d2d1f836
(rel-6_5_3)
CVE-2023-38058 (An improper privilege check in the OTRS ticket move action in
the agen ...)
NOT-FOR-US: OTRS
NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which
forked from 6.x
@@ -151793,10 +151793,10 @@ CVE-2021-36100 (Specially crafted string in OTRS
system configuration can allow
[buster] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://www.znuny.org/en/releases/znuny-6-3-2
NOTE: https://www.znuny.org/en/advisories/zsa-2022-02
- NOTE:
https://github.com/znuny/Znuny/commit/309ec536540201a5b2741314e928c54a792bb845
(znuny 6.0.41)
- NOTE:
https://github.com/znuny/Znuny/commit/f6fe8ca2e48a18680ace94df0d84eb1e2c26e685
(znuny 6.0.41)
- NOTE:
https://github.com/znuny/Znuny/commit/42458dad68f330e3f94294348de29e48cc9432c8
(znuny 6.0.41)
- NOTE:
https://github.com/znuny/Znuny/commit/02ac202c624bfccfd97e7f4ea95e0fd4adcf7a07
(znuny 6.0.41)
+ NOTE:
https://github.com/znuny/Znuny/commit/309ec536540201a5b2741314e928c54a792bb845
(rel-6_0_41)
+ NOTE:
https://github.com/znuny/Znuny/commit/f6fe8ca2e48a18680ace94df0d84eb1e2c26e685
(rel-6_0_41)
+ NOTE:
https://github.com/znuny/Znuny/commit/42458dad68f330e3f94294348de29e48cc9432c8
(rel-6_0_41)
+ NOTE:
https://github.com/znuny/Znuny/commit/02ac202c624bfccfd97e7f4ea95e0fd4adcf7a07
(rel-6_0_41)
CVE-2021-36099
RESERVED
CVE-2021-36098
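Review bot: In the CVE-2021-36100 entry all four re-tagged commits point at rel-6_0_41, while the context line above them references the znuny-6-3-2 release. If the fix also landed on the 6.3 branch, a NOTE with that branch's commit or tag would let readers check versions newer than the 6.0 series. It is also worth confirming that rel-6_0_41 is the first tag containing each of the four commits, since the old text "(znuny 6.0.41)" named a release and the new text names a tag.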
@@ -151824,7 +151824,7 @@ CVE-2021-36091 (Agents are able to list appointments
in the calendars without re
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/
- NOTE:
https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632
+ NOTE:
https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632
(rel-6_1_1)
NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
src:otrs2 is the znuny fork)
CVE-2021-3632 (A flaw was found in Keycloak. This vulnerability allows anyone
to regi ...)
NOT-FOR-US: Keycloak
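Review bot: For CVE-2021-36091 the context line right after the changed NOTE still reads "Reference is for OTRS, no reference for znuny yet", although the line above it now carries a Znuny commit tagged rel-6_1_1. The CVE-2021-21443 and CVE-2021-21440 hunks drop that same note and add "- znuny <not-affected> (Fixed before initial upload to Debian)"; no znuny line is visible in this hunk, so this entry looks like it needs the same treatment, or a short NOTE explaining why its znuny status differs.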
@@ -189524,9 +189524,9 @@ CVE-2021-21443 (Agents are able to list customer user
emails without required pe
- otrs2 6.0.32-6 (bug #991593)
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
+ - znuny <not-affected> (Fixed before initial upload to Debian)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-13/
- NOTE:
https://github.com/znuny/Znuny/commit/48ee5532911be5453cc8bed1e437a64c21bcc072
- NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
src:otrs2 is the znuny fork)
+ NOTE:
https://github.com/znuny/Znuny/commit/48ee5532911be5453cc8bed1e437a64c21bcc072
(rel-6_1_1)
CVE-2021-21442 (In the project create screen it's possible to inject malicious
JS code ...)
NOT-FOR-US: OTRS TimeAccounting module
CVE-2021-21441 (There is a XSS vulnerability in the ticket overview screens.
It's poss ...)
@@ -189535,21 +189535,21 @@ CVE-2021-21441 (There is a XSS vulnerability in the
ticket overview screens. It'
[stretch] - otrs2 <no-dsa> (Non-free not supported)
- znuny <not-affected> (Fixed before initial upload to Debian)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-11/
- NOTE: Fixed by:
https://github.com/znuny/Znuny/commit/48b8d2bc85280d702bd0d21783f5d31e2fa5fa51
(znuny 6.0.34)
+ NOTE: Fixed by:
https://github.com/znuny/Znuny/commit/48b8d2bc85280d702bd0d21783f5d31e2fa5fa51
(rel-6_0_34)
CVE-2021-21440 (Generated Support Bundles contains private S/MIME and PGP keys
if cont ...)
- otrs2 6.0.32-6 (bug #991593)
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
+ - znuny <not-affected> (Fixed before initial upload to Debian)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-10/
- NOTE:
https://github.com/znuny/Znuny/commit/c5c90087d4187da5c456a80289fa088a19511934
- NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
src:otrs2 is the znuny fork)
+ NOTE:
https://github.com/znuny/Znuny/commit/c5c90087d4187da5c456a80289fa088a19511934
(rel-6_1_1)
CVE-2021-21439 (DoS attack can be performed when an email contains specially
designed ...)
- otrs2 6.0.32-5 (bug #989992)
[buster] - otrs2 <no-dsa> (Non-free not supported)
[stretch] - otrs2 <no-dsa> (Non-free not supported)
- znuny <not-affected> (Fixed before initial upload to Debian)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-09/
- NOTE: Fixed by:
https://github.com/znuny/Znuny/commit/b67e43f73dbb3c029504a082c7807677ed091d23
(znuny 6.0.33)
+ NOTE: Fixed by:
https://github.com/znuny/Znuny/commit/b67e43f73dbb3c029504a082c7807677ed091d23
(rel-6_0_33)
CVE-2021-21438 (Agents are able to see linked FAQ articles without permissions
(define ...)
NOT-FOR-US: OTRS FAQ addon (and OTRS 7 which is proprietary)
CVE-2021-21437 (Agents are able to see linked Config Items without
permissions, which ...)
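Review bot: The new CVE-2021-21440 NOTE is a bare commit URL, while the CVE-2021-21441 and CVE-2021-21439 entries in the same hunk use "NOTE: Fixed by:"; the same prefix would keep the three entries consistent. The tags also differ by branch (rel-6_1_1 here, rel-6_0_34 and rel-6_0_33 for the neighbours), and the otrs2 line in this entry records a 6.0.x fixed version (6.0.32-6), so a 6.0-branch reference, if one exists, would be useful alongside the rel-6_1_1 one.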
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/11547d967b5bc1196bb9aea903d00bfecf28a613...956096234d81caa2c603578351abcb9f518143ff