dla-needed.txt: Add note on CVE-2020-1769 in otrs2.

To: Chris Lamb <lamby@debian.org>
Cc: Debian LTS <debian-lts@lists.debian.org>
Subject: dla-needed.txt: Add note on CVE-2020-1769 in otrs2.
From: Abhijith PA <abhijith@disroot.org>
Date: Mon, 27 Apr 2020 22:26:10 +0530
Message-id: <[🔎] 787ec824-d4e2-d4ed-95c4-81d62ff916ff@disroot.org>

Hi Chris,

> ---
>  data/dla-needed.txt | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/data/dla-needed.txt b/data/dla-needed.txt
> index 071a4292d1..5dc070a663 100644
> --- a/data/dla-needed.txt
> +++ b/data/dla-needed.txt
> @@ -73,6 +73,10 @@ openjdk-7 (Roberto C. Sánchez)
>  --
>  otrs2
>    NOTE: 20200412: Asked upstream for clarity in CVE-2020-1769 patch (abhijith)
> +  NOTE: 20200427: Cannot find the above comment on the various commits/PRs, nor
> +  NOTE: 20200427: on the -dev mailing list. I suspect its entirely safe to

I sent mail directly to the committer.

> +  NOTE: 20200427: disable autocomplete without the cumbersome (and likely

Isn't autocomplete more of a browser dependent thing. I disabled
autocomplete (without the switches) and tested in firefox but it didn't
work.

Most online banking websites of Indian banks I've seen uses javascript
to get it work.


--abhijith

Reply to:

Follow-Ups:
- Re: dla-needed.txt: Add note on CVE-2020-1769 in otrs2.
  - From: "Chris Lamb" <lamby@debian.org>

Prev by Date: (semi-)automatic unclaim of packages with more than 2 weeks of inactivity (and missing DLAs on www.do)
Next by Date: Re: Issues regarding ruby-rack/CVE-2019-16782
Previous by thread: Re: Limiting concurrent claims?
Next by thread: Re: dla-needed.txt: Add note on CVE-2020-1769 in otrs2.
Index(es):
- Date
- Thread