Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f14e3b3 by Moritz Muehlenhoff at 2021-06-29T14:22:47+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2688,7 +2688,6 @@ CVE-2021-3597
        RESERVED
        - undertow <unfixed> (bug #989861)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1970930
-       TODO: check, lack of details
 CVE-2021-34674
        RESERVED
 CVE-2021-34673
@@ -3561,7 +3560,6 @@ CVE-2021-3583 [Template Injection through yaml multi-line 
strings with ansible f
        - ansible <undetermined>
        - ansible-base <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412
-       TODO: scarce information, check later
 CVE-2021-34290
        RESERVED
 CVE-2021-34289
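
Review bot: both package lines for CVE-2021-3583 stay at <undetermined>, yet the only marker explaining why ("scarce information, check later") is deleted. Either keep a TODO until the affected versions are known, or replace it with a NOTE recording what is still missing from the referenced Red Hat bug, so the open status does not read as a finished triage.
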
@@ -3777,9 +3775,8 @@ CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based 
buffer overflow caused by
 CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could 
cause a b ...)
        NOT-FOR-US: Miniaudio
 CVE-2021-34183 (ImageMagick 7.0.11-14 has a memory leak in 
AcquireSemaphoreMemory in s ...)
-       - imagemagick <undetermined>
+       - imagemagick <unfixed> (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/3767
-       TODO: check if IM6 affected, likely anyway unimportant
 CVE-2021-34182
        RESERVED
 CVE-2021-34181
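
Review bot: the removed TODO on CVE-2021-34183 asked whether IM6 is affected, and the new "- imagemagick <unfixed> (unimportant)" line does not record the answer. Add a NOTE with the outcome of that check and the reason for the unimportant rating (the description says memory leak), so the change from <undetermined> is justified in the entry itself.
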
@@ -4360,7 +4357,6 @@ CVE-2021-3582 [hw/rdma: Fix possible mremap overflow in 
the pvrdma device]
        - qemu <unfixed>
        [stretch] - qemu <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html
-       TODO: check
 CVE-2021-33907
        RESERVED
 CVE-2021-33906
@@ -7107,9 +7103,9 @@ CVE-2021-32725
 CVE-2021-32724
        RESERVED
 CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 
1.24.0 a ...)
-       TODO: check
+       NOT-FOR-US: Prism
 CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. All existing versions 
of Glob ...)
-       TODO: check
+       NOT-FOR-US: GlobalNewFiles MediaWiki extension
 CVE-2021-32721
        RESERVED
 CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. 
In vers ...)
@@ -9878,7 +9874,7 @@ CVE-2021-31617
 CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware 
wallet f ...)
        NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
 CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth 
Core Spec ...)
-       TODO: check
+       NOTE: Bluetooth protocol issue
 CVE-2021-31614
        RESERVED
 CVE-2021-31613
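
Review bot: CVE-2021-31615 now carries only "NOTE: Bluetooth protocol issue", with no package line and no NOT-FOR-US marker, so the entry loses its TODO without gaining a status. State the disposition explicitly, either a package line for an affected implementation or an NFU line if none applies. The commit message says "NFUs", which does not describe this hunk.
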
@@ -17323,11 +17319,11 @@ CVE-2021-28587 (After Effects versions 18.0 (and 
earlier) are affected by an out
 CVE-2021-28586 (After Effects version 18.0 (and earlier) are affected by an 
out-of-bou ...)
        NOT-FOR-US: Adobe
 CVE-2021-28585 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) 
and 2.3.6 ...)
-       TODO: check
+       NOT-FOR-US: Magento
 CVE-2021-28584 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) 
and 2.3.6 ...)
-       TODO: check
+       NOT-FOR-US: Magento
 CVE-2021-28583 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) 
and 2.3.6 ...)
-       TODO: check
+       NOT-FOR-US: Magento
 CVE-2021-28582
        RESERVED
 CVE-2021-28581
@@ -17367,7 +17363,7 @@ CVE-2021-28565
 CVE-2021-28564
        RESERVED
 CVE-2021-28563 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) 
and 2.3.6 ...)
-       TODO: check
+       NOT-FOR-US: Magento
 CVE-2021-28562 (Acrobat Reader DC versions versions 2021.001.20150 (and 
earlier), 2020 ...)
        NOT-FOR-US: Adobe
 CVE-2021-28561
@@ -17381,7 +17377,7 @@ CVE-2021-28558
 CVE-2021-28557
        RESERVED
 CVE-2021-28556 (Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) 
and 2.3.6 ...)
-       TODO: check
+       NOT-FOR-US: Magento
 CVE-2021-28555
        RESERVED
 CVE-2021-28554
@@ -29633,9 +29629,9 @@ CVE-2021-23398 (All versions of package 
react-bootstrap-table are vulnerable to
 CVE-2021-23397
        RESERVED
 CVE-2021-23396 (All versions of package lutils are vulnerable to Prototype 
Pollution v ...)
-       TODO: check
+       NOT-FOR-US: Node lutils
 CVE-2021-23395 (This affects all versions of package nedb. The library could 
be tricke ...)
-       TODO: check
+       NOT-FOR-US: Node nedb
 CVE-2021-23394 (The package studio-42/elfinder before 2.1.58 are vulnerable to 
Remote  ...)
        NOT-FOR-US: studio-42/elfinder
 CVE-2021-23393 (This affects the package Flask-Unchained before 0.9.0. When 
using the  ...)
@@ -33148,7 +33144,7 @@ CVE-2021-21811
 CVE-2021-21810
        RESERVED
 CVE-2021-21809 (A command execution vulnerability exists in the default legacy 
spellch ...)
-       TODO: check
+       NOT-FOR-US: Moodle plugin
 CVE-2021-21808 (A memory corruption vulnerability exists in the PNG 
png_palette_proces ...)
        NOT-FOR-US: Accusoft ImageGear
 CVE-2021-21807
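
Review bot: "NOT-FOR-US: Moodle plugin" on CVE-2021-21809 does not name the plugin, unlike the neighbouring NFU line that names the product ("Accusoft ImageGear"). The visible description calls the component a "default legacy spellch ..." one, so confirm it is a separate add-on rather than part of the core product, and name it in the NFU text so the entry is searchable.
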
@@ -35222,7 +35218,7 @@ CVE-2021-21424 (Symfony is a PHP framework for web and 
console applications and
 CVE-2021-21423 (`projen` is a project generation tool that synthesizes project 
configu ...)
        NOT-FOR-US: projen
 CVE-2021-21422 (mongo-express is a web-based MongoDB admin interface, written 
with Nod ...)
-       TODO: check
+       NOT-FOR-US: mongo-express
 CVE-2021-21421 (node-etsy-client is a NodeJs Etsy ReST API Client. 
Applications that a ...)
        NOT-FOR-US: node-etsy-client
 CVE-2021-21420 (vscode-stripe is an extension for Visual Studio Code. A 
vulnerability  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f14e3b3faeee685990131035c1ae7b85f292146
