[Git][security-tracker-team/security-tracker][master] new otrs issue

Tue, 15 Jun 2021 01:41:10 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f2a029b2 by Moritz Muehlenhoff at 2021-06-15T10:40:36+02:00
new otrs issue
fill in details for keystone issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2667,9 +2667,11 @@ CVE-2021-33498
        RESERVED
 CVE-2021-3563
        RESERVED
-       - keystone <undetermined>
+       - keystone <unfixed>
+       [bullseye] - keystone <no-dsa> (Minor issue)
+       [buster] - keystone <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1962908
-       TODO: scarce details on it if there are upstream references, try to get 
more information
+       NOTE: https://bugs.launchpad.net/keystone/+bug/1901891
 CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory 
Traversal for de ...)
        NOT-FOR-US: Dutchcoders transfer.sh
 CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline 
view. ...)
@@ -31821,7 +31823,10 @@ CVE-2021-21441
 CVE-2021-21440
        RESERVED
 CVE-2021-21439 (DoS attack can be performed when an email contains specially 
designed  ...)
-       TODO: check
+       - otrs2 <unfixed>
+       NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-09/
+       NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye
+       NOTE: src:otrs2 is the znuny fork)
 CVE-2021-21438 (Agents are able to see linked FAQ articles without permissions 
(define ...)
        NOT-FOR-US: OTRS FAQ addon (and OTRS 7 which is proprietary)
 CVE-2021-21437 (Agents are able to see linked Config Items without 
permissions, which  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2a029b2017593452dcd69be52fb5d7eb091ef5a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2a029b2017593452dcd69be52fb5d7eb091ef5a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to