author: Thorsten Alteholz <debian@alteholz.de> 2021-02-12 22:55:51 +0100
committer: Thorsten Alteholz <debian@alteholz.de> 2021-02-12 22:55:51 +0100
commit: 98aa36a771e2c25264da64e0f84798eac0cd9242
tree: dc1d9056c49349c1b90ec0d7c350af4efae38f65 /data/CVE
parent: a5e4c5707d89fd003a02ef03bb6f550ceed43d7c
mark all other otrs2 CVEs as ignored for Stretch as non-free is not supported
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2018.list 8
-rw-r--r-- data/CVE/2019.list 24
-rw-r--r-- data/CVE/2020.list 20
3 files changed, 26 insertions, 26 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 385db61be8..b20248688f 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1127,7 +1127,7 @@ CVE-2018-20801 (In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the us
NOT-FOR-US: Highcharts JS
CVE-2018-20800 (An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 an ...)
- otrs2 6.0.14-1
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <not-affected> (Vulnerable code not present)
NOTE: https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8d17d58029efbb0bba25c4208e09e2d320eeb0c3
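Review bot: The commit message promises "all other otrs2 CVEs", but this `[stretch]` line for CVE-2018-20800 sits in the oldest file the patch touches (the diffstat lists only 2018.list, 2019.list and 2020.list), so nothing here shows whether the older lists were checked. Please confirm that no `[stretch] - otrs2 <no-dsa>` line remains anywhere under data/CVE, for example by grepping for that string, and say so in the commit message.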
@@ -6133,7 +6133,7 @@ CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in Eth
CVE-2018-19141 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before ...)
{DLA-1592-1}
- otrs2 6.0.1-1
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/
NOTE: Only the 4.x and 5.x series are affected (and possibly earlier versions).
NOTE: Add workaround and mark first 6.x version as fixing version
@@ -6145,7 +6145,7 @@ CVE-2018-19142 (Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an
CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5. ...)
{DLA-1592-1}
- otrs2 6.0.13-1
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows ...)
- kio-extras 4:18.08.3-1 (bug #913595)
@@ -25788,7 +25788,7 @@ CVE-2018-11564 (Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user
CVE-2018-11563 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ...)
{DLA-1877-1}
- otrs2 6.0.8-1
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/
NOTE: https://github.com/OTRS/otrs/commit/50861a2a1183a07daf99cc2e71395e79f022338f
CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in app/View/El ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 6ac4ba105d..0dad2f5821 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -7278,14 +7278,14 @@ CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code
CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...)
- otrs2 6.0.24-1 (bug #945251)
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <not-affected> (vulnerable code not present)
NOTE: https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
CVE-2019-18179 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-2053-1}
- otrs2 6.0.24-1 (bug #945251)
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
CVE-2019-18178 (Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The fun ...)
NOT-FOR-US: FreeRTOS+FAT
@@ -11541,7 +11541,7 @@ CVE-2019-16376
CVE-2019-16375 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
- otrs2 6.0.23-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <no-dsa> (Minor issue)
NOTE: https://community.otrs.com/security-advisory-2019-13-security-update-for-otrs-framework/
NOTE: https://github.com/OTRS/otrs/commit/aeb33d800716e2a6653597aa86314c4cbdadb678 (6.x)
@@ -19407,7 +19407,7 @@ CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
{DLA-1877-1}
- otrs2 6.0.20-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/
NOTE: OTRS 6.0: https://github.com/OTRS/otrs/commit/69430f260d52e5a7afc185048da0cfc2eef2659a
NOTE: OTRS 5.0: https://github.com/OTRS/otrs/commit/0e26066dfff8efff0039da13e29609ca7f00d9a2
@@ -21406,7 +21406,7 @@ CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) Com
{DLA-1877-1}
- otrs2 6.0.20-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/fab16a8e54aaf033f460e5f98c673248f29ea49c
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/cc08cb7df9f6dde05de2f8c6cbd59cd5d0952627
@@ -21983,7 +21983,7 @@ CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
{DLA-1816-1}
- otrs2 6.0.19-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/f8bcf08dfc5f06915c1352c07e5f626f9b5ecfc2
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4cc3f0e24937fa53870132003aec6af460b9b57
@@ -22690,7 +22690,7 @@ CVE-2019-12248 (An issue was discovered in Open Ticket Request System (OTRS) 7.0
{DLA-1816-1}
- otrs2 6.0.19-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/4e06ef439c33e7d90af16451719415c780e0c29c
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/0713999042e3ce7fa60067d3cd165206899224bf
@@ -25433,7 +25433,7 @@ CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other
- mediawiki 1:1.31.2-1
- otrs2 6.0.26-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://www.drupal.org/sa-core-2019-006
NOTE: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
NOTE: https://github.com/DanielRuf/snyk-js-jquery-174006?files=1
@@ -28780,7 +28780,7 @@ CVE-2019-10068 (An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x
CVE-2019-10067 (An issue was discovered in Open Ticket Request System (OTRS) 7.x throu ...)
- otrs2 6.0.18-1
[buster] - otrs2 6.0.16-2
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <not-affected> (vulnerable code is not present)
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8a489236336ddc82e745c27abb32dfa1ceefb0f4
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/67158d8b08309859572c795982ecc7c52484ab0e
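Review bot: The `[jessie]` context line in this CVE-2019-10067 entry spells its reason `(vulnerable code is not present)`, while the same reason appears in other context lines of this patch as `(Vulnerable code not present)` and `(vulnerable code not present)`. Since the patch already normalises the otrs2 annotations, a follow-up that settles on one spelling would keep the reason strings greppable.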
@@ -29290,7 +29290,7 @@ CVE-2019-9892 (An issue was discovered in Open Ticket Request System (OTRS) 5.x
{DLA-1774-1}
- otrs2 6.0.18-1
[buster] - otrs2 6.0.16-2
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/3617488c6c28e06203e4127c7b031140f775a685
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/c3b9342a85c6f2c9382e074ad9cc440ce80a6f34
NOTE: https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/
@@ -30567,14 +30567,14 @@ CVE-2019-9753 (An issue was discovered in Open Ticket Request System (OTRS) 7.x
CVE-2019-9752 (An issue was discovered in Open Ticket Request System (OTRS) 5.x befor ...)
{DLA-1721-1}
- otrs2 6.0.16-1
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework/
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/341c4096222819a108feb02256aba878943bf810
NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4e3dfbaa054762b29df54705aa412685dd37e15
CVE-2019-9751 (An issue was discovered in Open Ticket Request System (OTRS) 6.x befor ...)
- otrs2 6.0.17-1
[buster] - otrs2 6.0.16-2
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <not-affected> (Vulnerable code not present)
NOTE: https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework
NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/1afb2b995e59551b927c2105e234e8b87efcc37a
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 92c4817dec..6db1dc06db 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -66543,7 +66543,7 @@ CVE-2020-1777 (Agent names that participates in a chat conversation are revealed
CVE-2020-1776 (When an agent user is renamed or set to invalid the session belonging ...)
- otrs2 6.0.29-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-13/
CVE-2020-1775 (BCC recipients in mails sent from OTRS are visible in article detail o ...)
- otrs2 <not-affected> (ONly affects 7.x and 8.x series)
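Review bot: The last context line of this hunk, in the CVE-2020-1775 entry, reads `(ONly affects 7.x and 8.x series)`. The capitalisation typo is not introduced by this change, but it sits two lines below the edited `[stretch]` line and is worth correcting to `Only` in a follow-up edit.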
@@ -66552,14 +66552,14 @@ CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported fil
{DLA-2198-1}
- otrs2 6.0.28-1 (bug #959448)
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/
NOTE: Fixed in 7.0.17, 6.0.28
NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ff725cbea77f03fa296bb13f93f5b07086920342
CVE-2020-1773 (An attacker with the ability to generate session IDs or password reset ...)
- otrs2 6.0.27-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <no-dsa> (Too intrusive to backport)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/
NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
@@ -66569,7 +66569,7 @@ CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in t
{DLA-2198-1}
- otrs2 6.0.27-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/
NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
NOTE: OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b
@@ -66577,7 +66577,7 @@ CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in t
CVE-2020-1771 (Attacker is able craft an article with a link to the customer address ...)
- otrs2 6.0.27-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <not-affected> (Vulnerable code introduced in later version)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/
NOTE: Fixed in 7.0.16, 6.0.27
@@ -66586,7 +66586,7 @@ CVE-2020-1770 (Support bundle generated files could contain sensitive informatio
{DLA-2198-1}
- otrs2 6.0.27-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/
NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
NOTE: OTRS6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95
@@ -66594,7 +66594,7 @@ CVE-2020-1770 (Support bundle generated files could contain sensitive informatio
CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...)
- otrs2 6.0.27-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
[jessie] - otrs2 <no-dsa> (https://lists.debian.org/debian-lts/2020/04/msg00040.html)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/
NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42
@@ -66607,14 +66607,14 @@ CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then A
{DLA-2079-1}
- otrs2 6.0.25-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/
NOTE: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570
CVE-2020-1766 (Due to improper handling of uploaded images it is possible in very unl ...)
{DLA-2079-1}
- otrs2 6.0.25-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-02/
NOTE: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 (OTRS6)
NOTE: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a (OTRS5)
@@ -66622,7 +66622,7 @@ CVE-2020-1765 (An improper control of parameters allows the spoofing of the from
{DLA-2079-1}
- otrs2 6.0.25-1
[buster] - otrs2 <ignored> (Non-free not supported)
- [stretch] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <ignored> (Non-free not supported)
NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/
NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6)
NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5)
