[Git][security-tracker-team/security-tracker][master] OTRS n/a

Mon, 01 Mar 2021 05:17:40 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c4f2f279 by Moritz Muehlenhoff at 2021-03-01T14:16:35+01:00
OTRS n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14907,9 +14907,7 @@ CVE-2021-21437
 CVE-2021-21436 (Agents are able to see and link Config Items without 
permissions, whic ...)
        NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
 CVE-2021-21435 (Article Bcc fields and agent personal information are shown 
when custo ...)
-       - otrs2 <unfixed> (bug #982586)
-       [buster] - otrs2 <ignored> (Non-free not supported)
-       [stretch] - otrs2 <ignored> (Non-free not supported)
+       - otrs2 <not-affected> (Doesn't affect OTRS as packaged in Debian, see 
bug #982586)
        NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-02/
 CVE-2021-21434 (Survey administrator can craft a survey in such way that 
malicious cod ...)
        NOT-FOR-US: OTRS Survey addon
@@ -160478,13 +160476,11 @@ CVE-2018-17439 (An issue was discovered in the HDF 
HDF5 1.10.3 library. There is
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#stack-overflow-in-h5s_extent_get_dims
        NOTE: https://jira.hdfgroup.org/browse/HDFFV-10589
 CVE-2018-17438 (A SIGFPE signal is raised in the function H5D__select_io() of 
H5Dselec ...)
-       - hdf5 <unfixed> (low)
-       [buster] - hdf5 <no-dsa> (Minor issue)
-       [stretch] - hdf5 <no-dsa> (Minor issue)
-       [jessie] - hdf5 <ignored> (Minor issue)
+       - hdf5 1.10.6+repack-1 (unimportant)
        NOTE: 
https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect
        NOTE: https://jira.hdfgroup.org/browse/HDFFV-10587
        NOTE: fix in develop branch: 
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/7add52ff4f2443357648d53d52add274d1b18b5f
+       NOTE: Negligible security impact
 CVE-2018-17437 (Memory leak in the H5O_dtype_decode_helper() function in 
H5Odtype.c in ...)
        - hdf5 1.10.6+repack-2 (low)
        [buster] - hdf5 <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4f2f27997735e0ce69c6986ae6cc2a382b65b2f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4f2f27997735e0ce69c6986ae6cc2a382b65b2f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to