Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82d08fe1 by Moritz Mühlenhoff at 2021-05-23T20:17:23+02:00
updated refs for godot
- - - - -
3597a5b0 by Moritz Mühlenhoff at 2021-05-23T20:24:05+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1875,7 +1875,7 @@ CVE-2021-32634 (Emissary is a distributed, peer-to-peer,
data-driven workflow fr
CVE-2021-32633 (Zope is an open-source web application server. In Zope
versions prior ...)
TODO: check
CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are
vulnera ...)
- TODO: check
+ NOT-FOR-US: Pajbot
CVE-2021-32631
RESERVED
CVE-2021-32630 (Admidio is a free, open source user management system for
websites of ...)
@@ -1903,7 +1903,7 @@ CVE-2021-32620
CVE-2021-32619
RESERVED
CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding
security fe ...)
- TODO: check
+ NOT-FOR-US: Flask-Security-Too
CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading,
writing, ...)
- exiv2 <unfixed> (bug #988731)
[bullseye] - exiv2 <no-dsa> (Minor issue)
@@ -9046,7 +9046,7 @@ CVE-2021-29625 (Adminer is open-source database
management software. A cross-sit
NOTE:
https://github.com/vrana/adminer/security/advisories/GHSA-2v82-5746-vwqc
NOTE:
https://github.com/vrana/adminer/commit/4043092ec2c0de2258d60a99d0c5958637d051a7
CVE-2021-29624 (fastify-csrf is an open-source plugin helps developers protect
their F ...)
- TODO: check
+ NOT-FOR-US: fastify-csrf
CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read,
write, dele ...)
- exiv2 <unfixed> (bug #988481)
[bullseye] - exiv2 <no-dsa> (Minor issue)
@@ -14236,11 +14236,11 @@ CVE-2021-27436 (WebAccess/SCADA Versions 9.0 and
prior is vulnerable to cross-si
CVE-2021-27435
RESERVED
CVE-2021-27434 (Products with Unified Automation .NET based OPC UA
Client/Server SDK B ...)
- TODO: check
+ NOT-FOR-US: Unified Automation .NET
CVE-2021-27433
RESERVED
CVE-2021-27432 (OPC Foundation UA .NET Standard versions prior to 1.4.365.48
and OPC U ...)
- TODO: check
+ NOT-FOR-US: OPC Foundation UA .NET
CVE-2021-27431
RESERVED
CVE-2021-27430
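Review bot: the two new labels on CVE-2021-27434 and CVE-2021-27432, "NOT-FOR-US: Unified Automation .NET" and "NOT-FOR-US: OPC Foundation UA .NET", stop mid-name and read as if the affected product were .NET itself. The descriptions name an OPC UA Client/Server SDK and the UA .NET Standard stack, so spell the labels out that far (for example "Unified Automation OPC UA SDK") so that a later search of the list for OPC UA finds both entries.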
@@ -15688,12 +15688,15 @@ CVE-2021-26826 (A stack overflow issue exists in
Godot Engine up to v3.2 and is
- godot <unfixed> (bug #982593)
[buster] - godot <no-dsa> (Minor issue)
NOTE: https://github.com/godotengine/godot/pull/45701
- NOTE:
https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a
+ NOTE:
https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a
(master)
+ NOTE:
https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8
(3.2)
CVE-2021-26825 (An integer overflow issue exists in Godot Engine up to v3.2
that can b ...)
- godot <unfixed> (bug #982593)
[buster] - godot <no-dsa> (Minor issue)
- NOTE: https://github.com/godotengine/godot/pull/45702
- NOTE:
https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8
+ NOTE: https://github.com/godotengine/godot/pull/45701
+ NOTE:
https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a
+ NOTE:
https://github.com/godotengine/godot/commit/403e4fd08b0b212e96f53d926e6273e0745eaa5a
(master)
+ NOTE:
https://github.com/godotengine/godot/commit/113b5ab1c45c01b8e6d54d13ac8876d091f883a8
(3.2)
CVE-2021-26824
RESERVED
CVE-2021-26823
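Review bot: in the CVE-2021-26825 entry the added NOTE lines list commit 403e4fd08b0b212e96f53d926e6273e0745eaa5a twice, once bare and once tagged (master); drop the bare line so the entry matches the CVE-2021-26826 block above it. The same entry also changes its pull request reference from 45702 to 45701, which leaves both CVEs pointing at one PR and the same pair of commits. If the two issues really share a fix, state that in the commit message ("updated refs for godot" does not explain it); otherwise keep 45702 on this entry.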
@@ -23799,7 +23802,7 @@ CVE-2021-23388
CVE-2021-23387
RESERVED
CVE-2021-23386 (This affects the package dns-packet before 5.2.2. It creates
buffers w ...)
- TODO: check
+ NOT-FOR-US: Node dns-packet
CVE-2021-23385
RESERVED
CVE-2021-23384 (The package koa-remove-trailing-slashes before 2.0.2 are
vulnerable to ...)
@@ -31568,7 +31571,7 @@ CVE-2021-20591
CVE-2021-20590 (Improper authentication vulnerability in GOT2000 series GT27
model all ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20589 (Buffer access with incorrect length value vulnerability in
GOT2000 ser ...)
- TODO: check
+ NOT-FOR-US: Mitsubishi
CVE-2021-20588 (Improper handling of length parameter inconsistency
vulnerability in M ...)
NOT-FOR-US: Mitsubishi
CVE-2021-20587 (Heap-based buffer overflow vulnerability in Mitsubishi
Electric FA Eng ...)
@@ -32084,7 +32087,7 @@ CVE-2021-20333
CVE-2021-20332
RESERVED
CVE-2021-20331 (Specific versions of the MongoDB C# Driver may erroneously
publish eve ...)
- TODO: check
+ NOT-FOR-US: MongoDB C# Driver
CVE-2021-20330
RESERVED
CVE-2021-20329
@@ -45337,7 +45340,7 @@ CVE-2020-27211 (Nordic Semiconductor nRF52840 devices
through 2020-10-19 have im
CVE-2020-27210
RESERVED
CVE-2020-27209 (The ECDSA operation of the micro-ecc library 1.0 is vulnerable
to simp ...)
- TODO: check
+ NOT-FOR-US: micro-ecc
CVE-2020-27208 (The flash read-out protection (RDP) level is not enforced
during the d ...)
NOT-FOR-US: SoloKeys Solo
CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free,
related to sq ...)
@@ -52065,9 +52068,9 @@ CVE-2020-24398
CVE-2020-24397 (An issue was discovered in the client side of Zoho
ManageEngine Deskto ...)
NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2020-24396 (homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive
SSH key ...)
- TODO: check
+ NOT-FOR-US: homee Brain Cube
CVE-2020-24395 (The USB firmware update script of homee Brain Cube v2 (2.28.2
and 2.28 ...)
- TODO: check
+ NOT-FOR-US: homee Brain Cube
CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS
server) ca ...)
- linux 5.7.6-1 (bug #962254)
[buster] - linux 4.19.131-1
@@ -53431,9 +53434,9 @@ CVE-2020-23768 (An information disclosure vulnerability
was discovered in alipay
CVE-2020-23767
RESERVED
CVE-2020-23766 (An arbitrary file deletion vulnerability was discovered on
htmly v2.7. ...)
- TODO: check
+ NOT-FOR-US: htmly
CVE-2020-23765 (A file upload vulnerability was discovered in the file path
/bl-plugin ...)
- TODO: check
+ NOT-FOR-US: Bludit
CVE-2020-23764
RESERVED
CVE-2020-23763 (SQL injection in admin.php in Online Book Store 1.0 allows
remote atta ...)
@@ -80197,7 +80200,7 @@ CVE-2020-12062 (** DISPUTED ** The scp client in
OpenSSH 8.2 incorrectly sends d
NOTE: Negligible security impact, a malicious peer can achieve no more
than already
NOTE: able o achieve within the scp protocol.
CVE-2020-12061 (An issue was discovered in Nitrokey FIDO U2F firmware through
1.1. Com ...)
- TODO: check
+ NOT-FOR-US: Nitrokey firmware
CVE-2020-12060
RESERVED
CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request
with an ...)
@@ -443235,7 +443238,7 @@ CVE-2008-3281 (libxml2 2.6.32 and earlier does not
properly detect recursion dur
- libxml2 2.6.32.dfsg-3 (medium)
- chromium-browser 5.0.375.29~r46008-1
CVE-2008-3280 (It was found that various OpenID Providers (OPs) had TLS Server
Certif ...)
- TODO: check
+ NOT-FOR-US: Historic OpenID issues
CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in
brltty 3.7.2 ...)
- brltty <not-affected> (RedHat-specific)
CVE-2008-3278 (frysk packages through 2008-08-05 as shipped in Red Hat
Enterprise Lin ...)
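Review bot: "NOT-FOR-US: Historic OpenID issues" on CVE-2008-3280 describes a category rather than naming a product, unlike every other NOT-FOR-US line added in this commit. The description is about TLS server certificates held by OpenID Providers, so a label such as "OpenID Providers", or an extra NOTE line giving the reason for the decision, would make this triage call easier to audit later.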
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/afd2c9969f89738345c27af01e1afc66b441bc2f...3597a5b0d34f44032c244276dbf96907f41ef4ab
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits