author | Thorsten Alteholz <debian@alteholz.de> | 2021-02-12 22:55:51 +0100 |
---|---|---|
committer | Thorsten Alteholz <debian@alteholz.de> | 2021-02-12 22:55:51 +0100 |
commit | 98aa36a771e2c25264da64e0f84798eac0cd9242 (patch) | |
tree | dc1d9056c49349c1b90ec0d7c350af4efae38f65 /data/CVE | |
parent | a5e4c5707d89fd003a02ef03bb6f550ceed43d7c (diff) |
mark all other otrs2 CVEs as ignored for Stretch as non-free is not supported
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2018.list | 8 |
-rw-r--r-- | data/CVE/2019.list | 24 |
-rw-r--r-- | data/CVE/2020.list | 20 |
3 files changed, 26 insertions, 26 deletions
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 385db61be8..b20248688f 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -1127,7 +1127,7 @@ CVE-2018-20801 (In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the us NOT-FOR-US: Highcharts JS CVE-2018-20800 (An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 an ...) - otrs2 6.0.14-1 - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) [jessie] - otrs2 <not-affected> (Vulnerable code not present) NOTE: https://community.otrs.com/security-advisory-2018-10-security-update-for-otrs-framework/ NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8d17d58029efbb0bba25c4208e09e2d320eeb0c3 @@ -6133,7 +6133,7 @@ CVE-2018-19121 (An issue has been found in libIEC61850 v1.3. It is a SEGV in Eth CVE-2018-19141 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before ...) {DLA-1592-1} - otrs2 6.0.1-1 - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/ NOTE: Only the 4.x and 5.x series are affected (and possibly earlier versions). NOTE: Add workaround and mark first 6.x version as fixing version @@ -6145,7 +6145,7 @@ CVE-2018-19142 (Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an CVE-2018-19143 (Open Ticket Request System (OTRS) 4.0.x before 4.0.33, 5.0.x before 5. ...) {DLA-1592-1} - otrs2 6.0.13-1 - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/ CVE-2018-19120 (The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows ...) - kio-extras 4:18.08.3-1 (bug #913595) 
@@ -25788,7 +25788,7 @@ CVE-2018-11564 (Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user CVE-2018-11563 (An issue was discovered in Open Ticket Request System (OTRS) 6.0.x thr ...) {DLA-1877-1} - otrs2 6.0.8-1 - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2018-02-security-update-for-otrs-framework/ NOTE: https://github.com/OTRS/otrs/commit/50861a2a1183a07daf99cc2e71395e79f022338f CVE-2018-11562 (An issue was discovered in MISP 2.4.91. A vulnerability in app/View/El ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 6ac4ba105d..0dad2f5821 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -7278,14 +7278,14 @@ CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...) - otrs2 6.0.24-1 (bug #945251) [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) [jessie] - otrs2 <not-affected> (vulnerable code not present) NOTE: https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/ CVE-2019-18179 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...) {DLA-2053-1} - otrs2 6.0.24-1 (bug #945251) [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/ CVE-2019-18178 (Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The fun ...) NOT-FOR-US: FreeRTOS+FAT 
@@ -11541,7 +11541,7 @@ CVE-2019-16376 CVE-2019-16375 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...) - otrs2 6.0.23-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) [jessie] - otrs2 <no-dsa> (Minor issue) NOTE: https://community.otrs.com/security-advisory-2019-13-security-update-for-otrs-framework/ NOTE: https://github.com/OTRS/otrs/commit/aeb33d800716e2a6653597aa86314c4cbdadb678 (6.x) @@ -19407,7 +19407,7 @@ CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 7.0 {DLA-1877-1} - otrs2 6.0.20-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/ NOTE: OTRS 6.0: https://github.com/OTRS/otrs/commit/69430f260d52e5a7afc185048da0cfc2eef2659a NOTE: OTRS 5.0: https://github.com/OTRS/otrs/commit/0e26066dfff8efff0039da13e29609ca7f00d9a2 @@ -21406,7 +21406,7 @@ CVE-2019-12746 (An issue was discovered in Open Ticket Request System (OTRS) Com {DLA-1877-1} - otrs2 6.0.20-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/ NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/fab16a8e54aaf033f460e5f98c673248f29ea49c NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/cc08cb7df9f6dde05de2f8c6cbd59cd5d0952627 
@@ -21983,7 +21983,7 @@ CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0 {DLA-1816-1} - otrs2 6.0.19-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2019-09-security-update-for-otrs-framework/ NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/f8bcf08dfc5f06915c1352c07e5f626f9b5ecfc2 NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4cc3f0e24937fa53870132003aec6af460b9b57 @@ -22690,7 +22690,7 @@ CVE-2019-12248 (An issue was discovered in Open Ticket Request System (OTRS) 7.0 {DLA-1816-1} - otrs2 6.0.19-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2019-08-security-update-for-otrs-framework/ NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/4e06ef439c33e7d90af16451719415c780e0c29c NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/0713999042e3ce7fa60067d3cd165206899224bf @@ -25433,7 +25433,7 @@ CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other - mediawiki 1:1.31.2-1 - otrs2 6.0.26-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://www.drupal.org/sa-core-2019-006 NOTE: https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ NOTE: https://github.com/DanielRuf/snyk-js-jquery-174006?files=1 
@@ -28780,7 +28780,7 @@ CVE-2019-10068 (An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x CVE-2019-10067 (An issue was discovered in Open Ticket Request System (OTRS) 7.x throu ...) - otrs2 6.0.18-1 [buster] - otrs2 6.0.16-2 - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) [jessie] - otrs2 <not-affected> (vulnerable code is not present) NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/8a489236336ddc82e745c27abb32dfa1ceefb0f4 NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/67158d8b08309859572c795982ecc7c52484ab0e @@ -29290,7 +29290,7 @@ CVE-2019-9892 (An issue was discovered in Open Ticket Request System (OTRS) 5.x {DLA-1774-1} - otrs2 6.0.18-1 [buster] - otrs2 6.0.16-2 - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/3617488c6c28e06203e4127c7b031140f775a685 NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/c3b9342a85c6f2c9382e074ad9cc440ce80a6f34 NOTE: https://community.otrs.com/security-advisory-2019-04-security-update-for-otrs-framework/ 
@@ -30567,14 +30567,14 @@ CVE-2019-9753 (An issue was discovered in Open Ticket Request System (OTRS) 7.x CVE-2019-9752 (An issue was discovered in Open Ticket Request System (OTRS) 5.x befor ...) {DLA-1721-1} - otrs2 6.0.16-1 - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://community.otrs.com/security-advisory-2019-01-security-update-for-otrs-framework/ NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/341c4096222819a108feb02256aba878943bf810 NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/d4e3dfbaa054762b29df54705aa412685dd37e15 CVE-2019-9751 (An issue was discovered in Open Ticket Request System (OTRS) 6.x befor ...) - otrs2 6.0.17-1 [buster] - otrs2 6.0.16-2 - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) [jessie] - otrs2 <not-affected> (Vulnerable code not present) NOTE: https://community.otrs.com/security-advisory-2019-02-security-update-for-otrs-framework NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/1afb2b995e59551b927c2105e234e8b87efcc37a diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 92c4817dec..6db1dc06db 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -66543,7 +66543,7 @@ CVE-2020-1777 (Agent names that participates in a chat conversation are revealed CVE-2020-1776 (When an agent user is renamed or set to invalid the session belonging ...) - otrs2 6.0.29-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-13/ CVE-2020-1775 (BCC recipients in mails sent from OTRS are visible in article detail o ...) - otrs2 <not-affected> (ONly affects 7.x and 8.x series) 
@@ -66552,14 +66552,14 @@ CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported fil {DLA-2198-1} - otrs2 6.0.28-1 (bug #959448) [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/ NOTE: Fixed in 7.0.17, 6.0.28 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ff725cbea77f03fa296bb13f93f5b07086920342 CVE-2020-1773 (An attacker with the ability to generate session IDs or password reset ...) - otrs2 6.0.27-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) [jessie] - otrs2 <no-dsa> (Too intrusive to backport) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 @@ -66569,7 +66569,7 @@ CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in t {DLA-2198-1} - otrs2 6.0.27-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b @@ -66577,7 +66577,7 @@ CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in t CVE-2020-1771 (Attacker is able craft an article with a link to the customer address ...) - otrs2 6.0.27-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) [jessie] - otrs2 <not-affected> (Vulnerable code introduced in later version) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/ NOTE: Fixed in 7.0.16, 6.0.27 
@@ -66586,7 +66586,7 @@ CVE-2020-1770 (Support bundle generated files could contain sensitive informatio {DLA-2198-1} - otrs2 6.0.27-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95 @@ -66594,7 +66594,7 @@ CVE-2020-1770 (Support bundle generated files could contain sensitive informatio CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...) - otrs2 6.0.27-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) [jessie] - otrs2 <no-dsa> (https://lists.debian.org/debian-lts/2020/04/msg00040.html) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 
@@ -66607,14 +66607,14 @@ CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then A {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/ NOTE: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570 CVE-2020-1766 (Due to improper handling of uploaded images it is possible in very unl ...) {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-02/ NOTE: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 (OTRS6) NOTE: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a (OTRS5) @@ -66622,7 +66622,7 @@ CVE-2020-1765 (An improper control of parameters allows the spoofing of the from {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 <ignored> (Non-free not supported) - [stretch] - otrs2 <no-dsa> (Non-free not supported) + [stretch] - otrs2 <ignored> (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/ NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6) NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5) |
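Review bot: the scope stated in the message is wider than what the diffstat shows. Every changed line, starting with CVE-2018-20800 in data/CVE/2018.list, is a `[stretch] - otrs2 <no-dsa> (Non-free not supported)` entry, and only 2018.list, 2019.list and 2020.list are touched, while the message speaks of all other otrs2 CVEs. Please confirm that no `[stretch] - otrs2 <no-dsa>` line remains in the lists for other years, or name the years covered in the message.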
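Review bot: style point on data/CVE/2019.list. The untouched `[jessie]` context lines directly below the changed `[stretch]` lines spell the same reason three ways: "(vulnerable code not present)" at CVE-2019-18180, "(vulnerable code is not present)" at CVE-2019-10067 and "(Vulnerable code not present)" at CVE-2019-9751. Since these entries are being edited anyway, a follow-up that settles on one wording would make the reasons easier to search for.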
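Review bot: typo in the context of the first data/CVE/2020.list hunk. The CVE-2020-1775 line reads `- otrs2 <not-affected> (ONly affects 7.x and 8.x series)` and should say "Only". In the same file, the `[jessie]` reason at CVE-2020-1769 is a bare mailing-list URL where the neighbouring entries give a short reason such as "(Too intrusive to backport)"; a few words of summary with the link moved to a NOTE line would match them.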