Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0907e376 by Moritz Muehlenhoff at 2021-01-21T12:11:53+01:00
new golang-gogoprotobuf issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3838,7 +3838,8 @@ CVE-2021-3123
 CVE-2021-3122
        RESERVED
 CVE-2021-3121 (An issue was discovered in GoGo Protobuf before 1.3.2. 
plugin/unmarsha ...)
-       TODO: check
+       - golang-gogoprotobuf <unfixed>
+       NOTE: 
https://github.com/gogo/protobuf/commit/b03c65ea87cdc3521ede29f62fe3ce239267c1bc
 CVE-2021-3120
        RESERVED
 CVE-2021-3119
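Review bot: The new "- golang-gogoprotobuf <unfixed>" line for CVE-2021-3121 carries no bug reference, unlike other unfixed entries in this file such as "- openrc <unfixed> (bug #973245)"; once a BTS bug exists, append "(bug #NNN)" so the package-side tracking is linked from here. The description already states the issue affects versions before 1.3.2, so noting that fixed upstream version next to the commit NOTE would help whoever later replaces <unfixed>.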
@@ -4870,7 +4871,7 @@ CVE-2021-23328
 CVE-2021-23327
        RESERVED
 CVE-2021-23326 (This affects the package @graphql-tools/git-loader before 
6.2.6. The u ...)
-       TODO: check
+       NOT-FOR-US: graphql-tools/git-loader
 CVE-2021-23325
        RESERVED
 CVE-2021-23324
@@ -10357,7 +10358,7 @@ CVE-2021-21271
 CVE-2021-21270
        RESERVED
 CVE-2021-21269 (Keymaker is a Mastodon Community Finder based Matrix Community 
serverl ...)
-       TODO: check
+       NOT-FOR-US: Keymaker
 CVE-2021-21268
        RESERVED
 CVE-2021-21267
@@ -13203,7 +13204,7 @@ CVE-2020-35493 (A flaw exists in binutils in bfd/pef.c. 
An attacker who is able
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25307
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2a3559d54602cecfec6d90f792be4a70ad918ab
        NOTE: NOTE: binutils not covered by security support
-CVE-2020-35492 [cairo: libreoffice slideshow aborts with stack smashing in 
cairo's composite_boxes]
+CVE-2020-35492 [cairo: buffer overflow in image compositor]
        RESERVED
        {DLA-2518-1}
        - cairo 1.16.0-5 (bug #978658)
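Review bot: The new title for CVE-2020-35492, "buffer overflow in image compositor", drops the function name composite_boxes, which was the only pointer to the affected code in this entry; consider keeping it, or adding a NOTE line with the upstream reference. While touching this area, the context line above under CVE-2020-35493 reads "NOTE: NOTE: binutils not covered by security support" and the doubled prefix could be cleaned up in the same commit.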
@@ -13903,7 +13904,7 @@ CVE-2020-35241 (FlatPress 1.0.3 is affected by 
cross-site scripting (XSS) in the
 CVE-2020-35240 (FluxBB 1.5.11 is affected by cross-site scripting (XSS in the 
Blog Con ...)
        NOT-FOR-US: FluxBB
 CVE-2020-35239 (A vulnerability exists in CakePHP versions 4.0.x through 
4.1.3. The Cs ...)
-       TODO: check
+       NOT-FOR-US: CakePHP
 CVE-2020-35238
        RESERVED
 CVE-2020-35237
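Review bot: "NOT-FOR-US: CakePHP" on CVE-2020-35239 asserts the software is not packaged at all, while the description limits the issue to versions 4.0.x through 4.1.3. Worth confirming that no cakephp source package exists in any suite; if one does, the entry should name the package with the appropriate status (for example <not-affected> for an older branch) instead of NOT-FOR-US.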
@@ -15200,7 +15201,7 @@ CVE-2021-2001 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
 CVE-2021-2000 (Vulnerability in the Unified Audit component of Oracle Database 
Server ...)
        NOT-FOR-US: Oracle
 CVE-2021-1999 (Vulnerability in the Oracle ZFS Storage Appliance Kit product 
of Oracl ...)
-       TODO: check
+       NOT-FOR-US: Oracle
 CVE-2021-1998 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <unfixed>
 CVE-2021-1997 (Vulnerability in the Oracle Hospitality Reporting and Analytics 
produc ...)
@@ -19584,11 +19585,11 @@ CVE-2021-1071
 CVE-2021-1070
        RESERVED
 CVE-2021-1069 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2021-1068 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2021-1067 (NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a 
vulnerabilit ...)
-       TODO: check
+       NOT-FOR-US: NVIDIA
 CVE-2021-1066 (NVIDIA vGPU manager contains a vulnerability in the vGPU 
plugin, in wh ...)
        NOT-FOR-US: NVIDIA vGPU manager
 CVE-2021-1065 (NVIDIA vGPU manager contains a vulnerability in the vGPU 
plugin, in wh ...)
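Review bot: The three SHIELD TV entries (CVE-2021-1069, CVE-2021-1068, CVE-2021-1067) are tagged with the vendor only, "NOT-FOR-US: NVIDIA", while the adjacent CVE-2021-1066 names the product, "NOT-FOR-US: NVIDIA vGPU manager". Using "NOT-FOR-US: NVIDIA SHIELD TV" would keep the tags consistent and avoid reading as if every NVIDIA product were out of scope.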
@@ -23421,7 +23422,7 @@ CVE-2020-27737
 CVE-2020-27736
        RESERVED
 CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary 
IFRAME ele ...)
-       TODO: check
+       NOT-FOR-US: Wing FTP
 CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to 
take own ...)
        - openrc <unfixed> (bug #973245)
        [buster] - openrc <no-dsa> (Minor issue)
@@ -24761,7 +24762,7 @@ CVE-2020-27300
 CVE-2020-27299
        RESERVED
 CVE-2020-27298 (Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 
1.4.3, 1 ...)
-       TODO: check
+       NOT-FOR-US: Philips
 CVE-2020-27297
        RESERVED
 CVE-2020-27296



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0907e37602176c4f176b41f799b3eb9fa914b199
