Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
54164ce3 by Moritz Muehlenhoff at 2021-03-24T17:37:45+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18717,13 +18717,13 @@ CVE-2021-21392
 CVE-2021-21391
        RESERVED
 CVE-2021-21390 (MinIO is an open-source high performance object storage 
service and it ...)
-       TODO: check
+       NOT-FOR-US: MinIO
 CVE-2021-21389
        RESERVED
 CVE-2021-21388
        RESERVED
 CVE-2021-21387 (Wrongthink peer-to-peer, end-to-end encrypted messenger with 
PeerJS an ...)
-       TODO: check
+       NOT-FOR-US: Wrongthink
 CVE-2021-21386
        RESERVED
 CVE-2021-21385
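
Review bot: the new NOT-FOR-US lines on CVE-2021-21390 (MinIO) and CVE-2021-21387 (Wrongthink) carry no sign that pending packaging was checked. The file records that kind of context inline elsewhere, as on CVE-2021-21378 with "(not the same as itp'ed envoy, #758651)". If either project has an open ITP, add the bug number in the same way so the entry is revisited when the package lands.
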
@@ -18735,15 +18735,15 @@ CVE-2021-21383 (Wiki.js an open-source wiki app built 
on Node.js. Wiki.js before
 CVE-2021-21382
        RESERVED
 CVE-2021-21380 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
-       TODO: check
+       NOT-FOR-US: XWiki
 CVE-2021-21379 (XWiki Platform is a generic wiki platform offering runtime 
services fo ...)
        NOT-FOR-US: XWiki
 CVE-2021-21378 (Envoy is a cloud-native high-performance edge/middle/service 
proxy. In ...)
        NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
 CVE-2021-21377 (OMERO.web is open source Django-based software for managing 
microscopy ...)
-       TODO: check
+       NOT-FOR-US: OMERO.web
 CVE-2021-21376 (OMERO.web is open source Django-based software for managing 
microscopy ...)
-       TODO: check
+       NOT-FOR-US: OMERO.web
 CVE-2021-21375 (PJSIP is a free and open source multimedia communication 
library writt ...)
        - pjproject <removed>
        NOTE: 
https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
@@ -18758,7 +18758,7 @@ CVE-2021-21372
 CVE-2021-21371 (Tenable for Jira Cloud is an open source project designed to 
pull Tena ...)
        NOT-FOR-US: Tenable for Jira Cloud
 CVE-2021-21370 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2021-21369 (Hyperledger Besu is an open-source, MainNet compatible, 
Ethereum clien ...)
        NOT-FOR-US: Hyperledger Besu
 CVE-2021-21368 (msgpack5 is a msgpack v5 implementation for node.js and the 
browser. I ...)
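
Review bot: NOT-FOR-US on CVE-2021-21370 states that TYPO3 is not packaged in Debian, and the same label is applied to the seven other TYPO3 entries in the next two hunks. If a TYPO3 source package was ever shipped and later dropped, the form used for pjproject on CVE-2021-21375, "- pjproject <removed>", is the one that records that history. Please confirm which case applies before closing all eight as NFU.
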
@@ -18782,15 +18782,15 @@ CVE-2021-21361 (The 
`com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains
 CVE-2021-21360 (Products.GenericSetup is a mini-framework for expressing the 
configure ...)
        NOT-FOR-US: Products.GenericSetup
 CVE-2021-21359 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2021-21358 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2021-21357 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2021-21356
        RESERVED
 CVE-2021-21355 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2021-21354 (Pollbot is open source software which "frees its human masters 
from th ...)
        NOT-FOR-US: Pollbot
 CVE-2021-21353 (Pug is an npm package which is a high-performance template 
engine. In  ...)
@@ -18831,11 +18831,11 @@ CVE-2021-21341 (XStream is a Java library to 
serialize objects to XML and back a
        - libxstream-java <unfixed>
        NOTE: 
https://github.com/x-stream/xstream/security/advisories/GHSA-2p3x-qw9c-25hh
 CVE-2021-21340 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2021-21339 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2021-21338 (TYPO3 is an open source PHP based web content management 
system. In TY ...)
-       TODO: check
+       NOT-FOR-US: TYPO3
 CVE-2021-21337 (Products.PluggableAuthService is a pluggable Zope 
authentication and a ...)
        NOT-FOR-US: Products.PluggableAuthService
 CVE-2021-21336 (Products.PluggableAuthService is a pluggable Zope 
authentication and a ...)
@@ -19031,7 +19031,7 @@ CVE-2021-21269 (Keymaker is a Mastodon Community Finder 
based Matrix Community s
 CVE-2021-21268
        RESERVED
 CVE-2021-21267 (Schema-Inspector is an open-source tool to sanitize and 
validate JS ob ...)
-       TODO: check
+       NOT-FOR-US: Node schema-inspector
 CVE-2021-21266 (openHAB is a vendor and technology agnostic open source 
automation sof ...)
        NOT-FOR-US: openHAB
 CVE-2021-21265 (October is a free, open-source, self-hosted CMS platform based 
on the  ...)
@@ -21255,7 +21255,7 @@ CVE-2021-20328 (Specific versions of the Java driver 
that support client-side fi
        NOTE: https://jira.mongodb.org/browse/JAVA-4017
        NOTE: Fixed by: 
https://github.com/mongodb/mongo-java-driver/commit/60d87d5a76645a331a77ccc45ef7c67aac88b234
 CVE-2021-20327 (A specific version of the Node.js mongodb-client-encryption 
module doe ...)
-       TODO: check
+       NOT-FOR-US: Node mongodb-client-encryption
 CVE-2021-20326
        RESERVED
 CVE-2021-20325
@@ -28975,7 +28975,7 @@ CVE-2020-28505
 CVE-2020-28504
        RESERVED
 CVE-2020-28503 (The package copy-props before 2.0.5 are vulnerable to 
Prototype Pollut ...)
-       TODO: check
+       NOT-FOR-US: Node copy-props
 CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all 
versions of  ...)
        - node-xmlhttprequest 1.8.0-1
        [stretch] - node-xmlhttprequest <end-of-life> (Nodejs in stretch not 
covered by security support)
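
Review bot: CVE-2020-28503 is closed as "NOT-FOR-US: Node copy-props" directly above CVE-2020-28502, where an npm module is tracked under its node-xmlhttprequest source package. npm modules often reach the archive as node-* packages or as copies embedded in another source package, so check for a packaged or bundled copy-props before settling on NFU. The same check applies to the other "Node ..." labels in this commit (schema-inspector, mongodb-client-encryption, es6-crawler-detect).
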
@@ -28984,7 +28984,7 @@ CVE-2020-28502 (This affects the package xmlhttprequest 
before 1.7.0; all versio
        NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935
        NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
 CVE-2020-28501 (This affects the package es6-crawler-detect before 3.1.3. No 
limitatio ...)
-       TODO: check
+       NOT-FOR-US: Node es6-crawler-detect
 CVE-2020-28500 (Lodash versions prior to 4.17.21 are vulnerable to Regular 
Expression  ...)
        - node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086)
        [stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by 
security support)
@@ -64684,7 +64684,7 @@ CVE-2020-13699 (TeamViewer Desktop for Windows before 
15.8.3 does not properly q
 CVE-2020-13698
        RESERVED
 CVE-2020-13697 (An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD 
through 2 ...)
-       TODO: check
+       NOT-FOR-US: NanoHTTPD Java
 CVE-2020-13696 (An issue was discovered in LinuxTV xawtv before 3.107. The 
function de ...)
        {DLA-2246-1}
        - xawtv 3.107-1 (bug #962221)
@@ -67717,7 +67717,7 @@ CVE-2020-12485 (The frame touch module does not make 
validity judgments on param
 CVE-2020-12484
        RESERVED
 CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components, 
and the a ...)
-       TODO: check
+       NOT-FOR-US: Vivo
 CVE-2020-12482
        RESERVED
 CVE-2020-12481
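
Review bot: "NOT-FOR-US: Vivo" on CVE-2020-12483 names only the vendor, while the description refers to "The appstore before 8.12.0.0" and other labels in this file name the product (for example "Tenable for Jira Cloud", "Hyperledger Besu"). "NOT-FOR-US: Vivo appstore" would make the entry easier to grep. The same applies to "NOT-FOR-US: McAfee" on CVE-2020-7346 in the next hunk, whose description names McAfee Data Loss Prevention.
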
@@ -82362,7 +82362,7 @@ CVE-2020-7348
 CVE-2020-7347
        RESERVED
 CVE-2020-7346 (Privilege Escalation vulnerability in McAfee Data Loss 
Prevention (DLP ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7345
        RESERVED
 CVE-2020-7344



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54164ce396affcac6ca082c4c808fedf90eba70b
