[Git][security-tracker-team/security-tracker][master] NFUs

Wed, 24 Mar 2021 03:17:47 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a4592458 by Moritz Muehlenhoff at 2021-03-24T11:17:12+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2021-3462
 CVE-2021-29134
        RESERVED
 CVE-2021-29133 (Lack of verification in haserl, a component of Alpine Linux 
Configurat ...)
-       TODO: check
+       NOT-FOR-US: haserl (Alpine), different from src:haserl
 CVE-2021-29132
        RESERVED
 CVE-2021-29131
@@ -348,7 +348,7 @@ CVE-2021-28969
 CVE-2021-28968 (An issue was discovered in PunBB before 1.4.6. An XSS 
vulnerability in ...)
        NOT-FOR-US: PunBB
 CVE-2021-28967 (The unofficial MATLAB extension before 2.0.1 for Visual Studio 
Code al ...)
-       TODO: check
+       NOT-FOR-US: MATLAB extenstion for vscode
 CVE-2021-28966
        RESERVED
 CVE-2021-28965
@@ -671,21 +671,21 @@ CVE-2021-28826
 CVE-2021-28825
        RESERVED
 CVE-2021-28824 (The Windows Installation component of TIBCO Software Inc.'s 
TIBCO Acti ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2021-28823 (The Windows Installation component of TIBCO Software Inc.'s 
TIBCO eFTL ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2021-28822 (The Enterprise Message Service Server (tibemsd), Enterprise 
Message Se ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2021-28821 (The Windows Installation component of TIBCO Software Inc.'s 
TIBCO Ente ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2021-28820 (The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL 
Java API ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2021-28819 (The Windows Installation component of TIBCO Software Inc.'s 
TIBCO FTL  ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2021-28818 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure 
Routing Daemon ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2021-28817 (The Windows Installation component of TIBCO Software Inc.'s 
TIBCO Rend ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2021-28816
        RESERVED
 CVE-2021-28815
@@ -2289,9 +2289,9 @@ CVE-2021-28102
 CVE-2021-28101
        RESERVED
 CVE-2021-28100 (Priam uses File.createTempFile, which gives the permissions on 
that fi ...)
-       TODO: check
+       NOT-FOR-US: Priam
 CVE-2021-28099 (In Netflix OSS Hollow, since the Files.exists(parent) is run 
before cr ...)
-       TODO: check
+       NOT-FOR-US: Hollow
 CVE-2020-36276
        RESERVED
 CVE-2020-36275
@@ -2802,7 +2802,7 @@ CVE-2021-27910
 CVE-2021-27909
        RESERVED
 CVE-2021-27908 (In all versions prior to Mautic 3.3.2, secret parameters such 
as datab ...)
-       TODO: check
+       NOT-FOR-US: Mautic
 CVE-2021-27907 (Apache Superset up to and including 0.38.0 allowed the 
creation of a M ...)
        NOT-FOR-US: Apache Superset
 CVE-2021-27906 (A carefully crafted PDF file can trigger an 
OutOfMemory-Exception whil ...)
@@ -13480,7 +13480,7 @@ CVE-2021-23276
 CVE-2021-23275
        RESERVED
 CVE-2021-23274 (The Config UI component of TIBCO Software Inc.'s TIBCO API 
Exchange Ga ...)
-       TODO: check
+       NOT-FOR-US: TIBCO
 CVE-2021-23273 (The Spotfire client component of TIBCO Software Inc.'s TIBCO 
Spotfire  ...)
        NOT-FOR-US: TIBCO
 CVE-2021-23272 (The Application Development Clients component of TIBCO 
Software Inc.'s ...)
@@ -14292,7 +14292,7 @@ CVE-2021-22866
 CVE-2021-22865
        RESERVED
 CVE-2021-22864 (A remote code execution vulnerability was identified in GitHub 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: GitHub Enterprise
 CVE-2021-22863 (An improper access control vulnerability was identified in the 
GitHub  ...)
        NOT-FOR-US: GitHub Enterprise
 CVE-2021-22862 (An improper access control vulnerability was identified in 
GitHub Ente ...)
@@ -15546,7 +15546,7 @@ CVE-2021-22316
 CVE-2021-22315
        RESERVED
 CVE-2021-22314 (There is a local privilege escalation vulnerability in some 
versions o ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2021-22313
        RESERVED
 CVE-2021-22312
@@ -18087,9 +18087,9 @@ CVE-2021-21440
 CVE-2021-21439
        RESERVED
 CVE-2021-21438 (Agents are able to see linked FAQ articles without permissions 
(define ...)
-       TODO: check
+       NOT-FOR-US: OTRS FAQ addon (and OTRS 7 which is proprietary)
 CVE-2021-21437 (Agents are able to see linked Config Items without 
permissions, which  ...)
-       TODO: check
+       NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
 CVE-2021-21436 (Agents are able to see and link Config Items without 
permissions, whic ...)
        NOT-FOR-US: OTRSCIsInCustomerFrontend (OTRS addon)
 CVE-2021-21435 (Article Bcc fields and agent personal information are shown 
when custo ...)
@@ -18691,7 +18691,7 @@ CVE-2021-21404
 CVE-2021-21403
        RESERVED
 CVE-2021-21402 (Jellyfin is a Free Software Media System. In Jellyfin before 
version 1 ...)
-       TODO: check
+       NOT-FOR-US: Jellyfin
 CVE-2021-21401 (Nanopb is a small code-size Protocol Buffers implementation in 
ansi C. ...)
        TODO: check
 CVE-2021-21400



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4592458f3353c39f9d74d59b35ef77d3b582d1f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a4592458f3353c39f9d74d59b35ef77d3b582d1f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to