Are these CVEs fixed?

Hi, I wanted to know if those 2 CVEs were fixed.

if so, in what commit and what is the fixed version?

In general: We request CVE numbers after patching issues. This is to reduce users risk.
which hints to: Zammad Security Advisory ZAA-2020-19

So, yes, this issue has been fixed with Zammad 3.4.1 and 3.5.0.
Sorry, Iā€™m too lazy to look up the commit.

Same here:

ā€“> Security Advisory ZAA-2020-21 | Zammad

Fixed with Zammad 3.4.1 and 3.5.0.
Again, too lazy for looking up the commit. ;(

1 Like

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.