Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0a6f7a97 by Moritz Muehlenhoff at 2021-04-29T13:18:13+02:00
new node-browserslist issue
one more vbox issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,7 +8,7 @@ CVE-2021-31877
 CVE-2021-31876
        RESERVED
 CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously 
formed JSO ...)
-       TODO: check
+       NOT-FOR-US: Cesanta MongooseOS mJS
 CVE-2021-31874
        RESERVED
 CVE-2021-31873
@@ -5370,7 +5370,7 @@ CVE-2021-29485
 CVE-2021-29484
        RESERVED
 CVE-2021-29483 (ManageWiki is an extension to the MediaWiki project. The 
'wikiconfig'  ...)
-       TODO: check
+       NOT-FOR-US: ManageWiki MediaWiki extension
 CVE-2021-29482 (xz is a compression and decompression library focusing on the 
xz forma ...)
        - golang-github-ulikunitz-xz <unfixed>
        NOTE: 
https://github.com/ulikunitz/xz/security/advisories/GHSA-25xm-hr59-7c27
@@ -15357,7 +15357,7 @@ CVE-2021-25315 (A Incorrect Implementation of 
Authentication Algorithm vulnerabi
        - salt <not-affected> (SuSE specific issue, cf #985085)
        NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1182382
 CVE-2021-25314 (A Creation of Temporary File With Insecure Permissions 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: hawk2 as packaged by SuSE
 CVE-2021-25313 (A Improper Neutralization of Input During Web Page Generation 
('Cross- ...)
        NOT-FOR-US: Rancher
 CVE-2021-3179
@@ -18117,7 +18117,7 @@ CVE-2021-24030 (The fbgames protocol handler registered 
as part of Facebook Game
 CVE-2021-24029 (A packet of death scenario is possible in mvfst via a 
specially crafte ...)
        NOT-FOR-US: mvfst
 CVE-2021-24028 (An invalid free in Thrift's table-based serialization can 
cause the ap ...)
-       TODO: check
+       NOT-FOR-US: Facebook Thrift (Debian packages Apache Thrift)
 CVE-2021-24027 (A cache configuration issue prior to WhatsApp for Android 
v2.21.4.18 a ...)
        NOT-FOR-US: WhatsApp
 CVE-2021-24026 (A missing bounds check within the audio decoding pipeline for 
WhatsApp ...)
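Review bot: the NOT-FOR-US line for CVE-2021-24028 correctly records that Debian ships Apache Thrift rather than Facebook Thrift, but since fbthrift is a fork of Apache Thrift a short NOTE saying that the table-based serialization path is fbthrift-specific (or that the Apache Thrift source was checked) would make this dismissal verifiable when the entry is revisited.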
@@ -19717,9 +19717,12 @@ CVE-2021-23367
 CVE-2021-23366
        RESERVED
 CVE-2021-23365 (The package github.com/tyktechnologies/tyk-identity-broker 
before 1.1. ...)
-       TODO: check
+       NOT-FOR-US: tyk-identity-broker
 CVE-2021-23364 (The package browserslist from 4.0.0 and before 4.16.5 are 
vulnerable t ...)
-       TODO: check
+       - node-browserslist <unfixed>
+       NOTE: 
https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98
+       NOTE: https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
+       NOTE: https://github.com/browserslist/browserslist/pull/593
 CVE-2021-23363 (This affects the package kill-by-port before 0.0.2. If 
(attacker-contr ...)
        NOT-FOR-US: Node kill-by-port
 CVE-2021-23362 (The package hosted-git-info before 3.0.8 are vulnerable to 
Regular Exp ...)
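Review bot: the new node-browserslist entry is marked <unfixed> without recording the fixed upstream version, although the description in this hunk states the issue affects browserslist "before 4.16.5". Consider a NOTE capturing that version, or marking the linked commit as the fix in the tracker's usual form (`NOTE: Fixed by: https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98`), so the eventual package upload can be matched against it.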
@@ -25128,7 +25131,7 @@ CVE-2021-21431 (sopel-channelmgnt is a channelmgnt 
plugin for sopel. In versions
 CVE-2021-21430
        RESERVED
 CVE-2021-21429 (OpenAPI Generator allows generation of API client libraries, 
server st ...)
-       TODO: check
+       NOT-FOR-US: OpenAPI Generator
 CVE-2021-21428
        RESERVED
 CVE-2021-21427 (Magento-lts is a long-term support alternative to Magento 
Community Ed ...)
@@ -25161,7 +25164,7 @@ CVE-2021-21416 (django-registration is a user 
registration package for Django. T
 CVE-2021-21415
        RESERVED
 CVE-2021-21414 (Prisma is an open source ORM for Node.js &amp; TypeScript. As 
of today ...)
-       TODO: check
+       NOT-FOR-US: Prisma
 CVE-2021-21413 (isolated-vm is a library for nodejs which gives you access to 
v8's Iso ...)
        NOT-FOR-US: Node isolated-vm
 CVE-2021-21412 (Potential for arbitrary code execution in npm package 
@thi.ng/egf `#gp ...)
@@ -25287,7 +25290,7 @@ CVE-2021-21366 (xmldom is a pure JavaScript W3C 
standard-based (XML DOM Level 2
        NOTE: 
https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
        NOTE: 
https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
 CVE-2021-21365 (Bootstrap Package is a theme for TYPO3. It has been discovered 
that re ...)
-       TODO: check
+       NOT-FOR-US: Typo3 theme
 CVE-2021-21364 (swagger-codegen is an open-source project which contains a 
template-dr ...)
        - swagger-codegen <itp> (bug #950318)
 CVE-2021-21363 (swagger-codegen is an open-source project which contains a 
template-dr ...)
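Review bot: `NOT-FOR-US: Typo3 theme` for CVE-2021-21365 drops the product name; the description identifies the affected component as the Bootstrap Package theme for TYPO3, so `NOT-FOR-US: Bootstrap Package (TYPO3 theme)` would be easier to search for and follows the upstream spelling TYPO3.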
@@ -27120,11 +27123,11 @@ CVE-2021-20718
 CVE-2021-20717
        RESERVED
 CVE-2021-20716 (Hidden functionality in multiple Buffalo network devices 
(BHR-4RV firm ...)
-       TODO: check
+       NOT-FOR-US: Buffalo
 CVE-2021-20715 (Improper access control vulnerability in Hot Pepper Gourmet 
App for An ...)
        NOT-FOR-US: Hot Pepper Gourmet App
 CVE-2021-20714 (Directory traversal vulnerability in WP Fastest Cache versions 
prior t ...)
-       TODO: check
+       NOT-FOR-US: WP fastest cache
 CVE-2021-20713
        RESERVED
 CVE-2021-20712 (Improper access control vulnerability in NEC Aterm WG2600HS 
firmware V ...)
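Review bot: both new NOT-FOR-US markers in this hunk are less specific than the descriptions beside them. `NOT-FOR-US: Buffalo` for CVE-2021-20716 names only the vendor, where `NOT-FOR-US: Buffalo network devices` would match the description and the style of the neighbouring CVE-2021-20715 entry, and `NOT-FOR-US: WP fastest cache` for CVE-2021-20714 lowercases the product name given as "WP Fastest Cache" in the description.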
@@ -30399,7 +30402,7 @@ CVE-2021-2323
 CVE-2021-2322
        RESERVED
 CVE-2021-2321 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
-       TODO: check
+       - virtualbox 6.1.20-dfsg-1
 CVE-2021-2320 (Vulnerability in the Oracle Cloud Infrastructure Storage 
Gateway produ ...)
        NOT-FOR-US: Oracle
 CVE-2021-2319 (Vulnerability in the Oracle Cloud Infrastructure Storage 
Gateway produ ...)
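Review bot: the virtualbox entry for CVE-2021-2321 is the only package-affecting change in this commit without a NOTE line; the other two (CVE-2021-29482 and CVE-2021-23364) carry advisory or commit references. Adding a NOTE pointing at the Oracle advisory that assigned the CVE would document why 6.1.20-dfsg-1 is taken as the fixed version.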



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a6f7a976743f8bb68b53434613129638721eb93
